last executing test programs: 8m8.940739444s ago: executing program 0 (id=2513): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cgroup.kill\x00', 0x275a, 0x0) fchmod(r0, 0x80) 8m8.940166045s ago: executing program 0 (id=2514): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="4d01000000000000000100e50414090b0092000000000000005ee4cc040c1e5fcc2eae7fc0dacea9ed192143db2c8381a3e349d8", 0x43, 0x81, &(0x7f0000000340)={0x11, 0x0, r1, 0x1, 0xe, 0x6, @random="645bcc77540e"}, 0x14) 8m8.901614024s ago: executing program 0 (id=2515): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000440)={0x0, 0x8, 0x0, 'queue1\x00', 0x4000001}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x1, 'queue0\x00', 0xfffffffe}) 8m8.815178225s ago: executing program 0 (id=2516): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f00000000c0)=""/123) 8m8.71155797s ago: executing program 0 (id=2517): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) 8m8.673355314s ago: executing program 0 (id=2518): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='numa_maps\x00') read$FUSE(r0, &(0x7f0000000b40)={0x2020}, 0x2020) 7m53.531309738s ago: executing program 32 (id=2518): mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='numa_maps\x00') read$FUSE(r0, &(0x7f0000000b40)={0x2020}, 0x2020) 2m32.575516047s ago: executing program 4 (id=7796): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x24, &(0x7f0000000540)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40095505, 0x0) 2m31.753946814s ago: executing program 4 (id=7812): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000480)={0x1, 0x0, [{0x40000084}]}) 2m31.560289914s ago: executing program 4 (id=7814): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, &(0x7f00000003c0)=ANY=[@ANYBLOB='nr_inodes=E']) openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file1\x00', 0x181140, 0x80) linkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x1000) 2m31.443560411s ago: executing program 4 (id=7816): r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b\x06%\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80{\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6h)\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3', 0x1) r1 = dup(r0) write$binfmt_elf64(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4606ff78a33e0200000000000002003e00cd000000c9030000000000004000000000000000ea02000000000000000001000500380001000600b10600040300000081000000ff00000000000000f50f0000000000000500000000000000b8"], 0x134) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2m31.42254609s ago: executing program 4 (id=7817): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, 0x42, 0x201, 0x0, 0x0, {0xa}}, 0x14}}, 0x40044c4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) 2m31.374430693s ago: executing program 4 (id=7818): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f0000000180)=0x58, 0x3fffff) pselect6(0x40, &(0x7f0000000100)={0x7, 0x200400000007, 0x2, 0x7ffffffffffffbff, 0x2000000000000000, 0x0, 0x0, 0x2000000000000020}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0xffffffffffffffea, 0x0, 0x0, 0x200000, 0x4, 0x6}, &(0x7f0000000280)={0x0, 0x989680}, 0x0) 2m26.347656362s ago: executing program 2 (id=7839): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8) close_range(r0, 0xffffffffffffffff, 0x0) 2m26.268848886s ago: executing program 2 (id=7840): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x2c, r2, 0x401, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1720}], @NL80211_ATTR_DURATION={0x8, 0x57, 0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x80) 2m26.16662543s ago: executing program 2 (id=7842): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)={0x1, 0x0, [{0x345, 0x0, 0x2000000}]}) 2m25.983953273s ago: executing program 2 (id=7846): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') 2m25.927143857s ago: executing program 2 (id=7847): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000380)=0xffffffff, 0x4) 2m24.668000423s ago: executing program 2 (id=7852): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000200)={0xfffffffb, 0x2, 0x1, 0x0, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) 2m24.496884639s ago: executing program 33 (id=7852): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000200)={0xfffffffb, 0x2, 0x1, 0x0, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) 2m16.309743875s ago: executing program 34 (id=7818): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f0000000180)=0x58, 0x3fffff) pselect6(0x40, &(0x7f0000000100)={0x7, 0x200400000007, 0x2, 0x7ffffffffffffbff, 0x2000000000000000, 0x0, 0x0, 0x2000000000000020}, 0x0, &(0x7f0000000240)={0x1f, 0x1, 0xffffffffffffffea, 0x0, 0x0, 0x200000, 0x4, 0x6}, &(0x7f0000000280)={0x0, 0x989680}, 0x0) 1.675464766s ago: executing program 1 (id=9874): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a"], 0x7c}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001a00010000000000000000001c"], 0x28}}, 0x0) 1.606422652s ago: executing program 1 (id=9876): setresgid(0x0, 0xee01, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) 1.462923872s ago: executing program 1 (id=9878): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f0000000140), 0x10) sendto$l2tp(r0, &(0x7f0000000280)="e5786a0d000000000000003b", 0xc, 0x8000, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000300)) 1.268911956s ago: executing program 1 (id=9882): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x80007, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000af, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x8000b, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000500)=@userptr={0x6, 0xa, 0x4, 0x1, 0x0, {0x0, 0x2710}, {0x1, 0xc, 0xd2, 0x6, 0x77, 0x6, "0080ca6f"}, 0xff, 0x2, {&(0x7f00000002c0)}, 0x6}) 1.242992423s ago: executing program 3 (id=9883): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x44}}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{&(0x7f0000000140)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4}]}}}], 0x18}}], 0x1, 0x44008004) write$binfmt_misc(r0, &(0x7f0000000300), 0xfdef) 1.079215712s ago: executing program 6 (id=9885): sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="44010000", @ANYRES16, @ANYBLOB="000128bd7000fcdbdf2525000000080001007063690011000200303030303a30303a31302e300000000008008b00", @ANYRES32, @ANYBLOB="080001007063690011000200303030303a30303a31302e300000000008008b00", @ANYRES32, @ANYBLOB="0e0001006e657464657673696d0000000f000200"], 0x144}, 0x1, 0x0, 0x0, 0x81}, 0x48041) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000005000c0001000000080007000100000008000600000100000800050002000000080013007cc4000008000d000400000005000b000400000008000e008100000008"], 0x74}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0) 1.068858889s ago: executing program 3 (id=9887): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x34, r0, 0x121, 0x70bd2c, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x80) 951.807225ms ago: executing program 6 (id=9888): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x28880, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000093}]}) 895.649537ms ago: executing program 3 (id=9889): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x1) 894.379583ms ago: executing program 1 (id=9897): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r1, &(0x7f00000002c0)=ANY=[], 0x200002e6) read$FUSE(r0, &(0x7f0000001240)={0x2020}, 0x2020) fcntl$setpipe(r1, 0x407, 0x7000000) 886.674843ms ago: executing program 5 (id=9890): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)="14", 0x1}], 0x1}, 0x0) 760.560435ms ago: executing program 5 (id=9891): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000)={0x3}, 0x2) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x200080c0) 714.634549ms ago: executing program 3 (id=9892): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) 629.921598ms ago: executing program 6 (id=9893): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, 0x0) 612.369423ms ago: executing program 5 (id=9894): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20020009, 0x0, &(0x7f0000000240)={0x20, 0x0, 0xfffc, 0x360, 0x7}, 0x1a, 0x7, 0x60000000, 0x0, 0x4, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4008550d, &(0x7f0000000000)) 547.613319ms ago: executing program 3 (id=9895): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0}) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000280)={0x80, 0x400000b4, 0x0, 0x0}) 451.694442ms ago: executing program 5 (id=9896): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000891}, 0x20000004) 369.944682ms ago: executing program 3 (id=9898): r0 = syz_io_uring_setup(0x2ea, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040), &(0x7f0000000080)) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) read(r1, &(0x7f00000003c0)=""/4096, 0x1000) poll(&(0x7f0000000000)=[{r0, 0xd010}], 0x1, 0x9) 349.981255ms ago: executing program 6 (id=9899): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x2df31ab3}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 295.877961ms ago: executing program 5 (id=9900): rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7}, 0x20, 0x1, 0x0) 168.475156ms ago: executing program 6 (id=9901): r0 = socket$xdp(0x2c, 0x3, 0x0) capset(&(0x7f0000000040)={0x19980330}, &(0x7f00000012c0)={0x3, 0x3, 0xfffffffd, 0x101, 0x5, 0x41000000}) setrlimit(0x40000000000008, &(0x7f0000000000)={0x20, 0x200000}) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x1000}, 0x20) 133.199217ms ago: executing program 5 (id=9902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x28880, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000093}]}) 38.427619ms ago: executing program 6 (id=9903): r0 = socket$alg(0x26, 0x5, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=9904): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x3}) kernel console output (not intermixed with test programs): 0x1001 length: 249 > 9 [ 571.857987][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 571.865630][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 571.963809][ T52] Bluetooth: hci2: command tx timeout [ 572.362757][T23493] chnl_net:caif_netlink_parms(): no params data found [ 572.451769][T23510] tap0: tun_chr_ioctl cmd 1074025676 [ 572.465032][T23510] tap0: owner set to 0 [ 572.573772][T23493] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.597672][T23493] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.604972][T23493] bridge_slave_0: entered allmulticast mode [ 572.653710][T23493] bridge_slave_0: entered promiscuous mode [ 572.668912][T23493] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.678236][T23493] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.685507][T23493] bridge_slave_1: entered allmulticast mode [ 572.701620][T23493] bridge_slave_1: entered promiscuous mode [ 572.862653][T23493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.909829][T23493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.056387][T23493] team0: Port device team_slave_0 added [ 573.097536][T23493] team0: Port device team_slave_1 added [ 573.278297][T23493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.297047][T23493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 573.366919][T23493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.463712][T23493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 573.487167][T23493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 573.548918][T23493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.673687][T23493] hsr_slave_0: entered promiscuous mode [ 573.704659][T23493] hsr_slave_1: entered promiscuous mode [ 573.712420][T23493] debugfs: 'hsr0' already exists in 'hsr' [ 573.718499][T23493] Cannot create hsr debugfs directory [ 573.957635][ T52] Bluetooth: hci3: command tx timeout [ 574.377707][T23493] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 574.406391][T23493] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 574.429225][T23493] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 574.444358][T23493] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 574.733892][T23493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 574.776239][T23493] 8021q: adding VLAN 0 to HW filter on device team0 [ 574.847602][ T2991] bridge0: port 1(bridge_slave_0) entered blocking state [ 574.854810][ T2991] bridge0: port 1(bridge_slave_0) entered forwarding state [ 574.938566][ T2991] bridge0: port 2(bridge_slave_1) entered blocking state [ 574.945771][ T2991] bridge0: port 2(bridge_slave_1) entered forwarding state [ 575.205037][T23589] netlink: 64 bytes leftover after parsing attributes in process `syz.3.7978'. [ 575.314368][T23591] binder: 23590:23591 ioctl c018620c 200000000580 returned -22 [ 575.332402][T23596] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7981'. [ 575.389094][T23598] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7981'. [ 575.464711][T23493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 576.009204][T23493] veth0_vlan: entered promiscuous mode [ 576.037219][ T52] Bluetooth: hci3: command tx timeout [ 576.062188][T23493] veth1_vlan: entered promiscuous mode [ 576.125070][T23493] veth0_macvtap: entered promiscuous mode [ 576.144105][T23493] veth1_macvtap: entered promiscuous mode [ 576.186719][T23493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 576.220523][T23493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 576.250521][ T2991] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.275045][ T2991] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.298245][ T2991] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.324833][ T2991] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 576.443589][ T4444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 576.462377][ T4444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 576.510858][ T4444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 576.523818][ T4444] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 576.571093][T23651] netlink: 180 bytes leftover after parsing attributes in process `syz.5.8003'. [ 576.725084][T23653] netlink: 'syz.5.8004': attribute type 83 has an invalid length. [ 576.940980][T23659] kvm: kvm [23658]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x6 [ 577.125243][T23669] netlink: 'syz.5.8011': attribute type 10 has an invalid length. [ 577.150385][T23669] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8011'. [ 577.179226][T23669] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 577.206763][T23669] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 577.221287][T23669] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 577.450017][T23684] delete_channel: no stack [ 577.525547][ T24] hid_parser_main: 904 callbacks suppressed [ 577.525569][ T24] hid-generic 0000:0000:0000.0093: unknown main item tag 0x0 [ 577.553301][ T24] hid-generic 0000:0000:0000.0093: hidraw0: HID v0.00 Device [syz1] on syz0 [ 577.982299][T23706] loop8: detected capacity change from 0 to 7 [ 577.997716][T23706] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 578.006279][T23706] loop8: partition table partially beyond EOD, truncated [ 578.017899][T23708] syz_tun: entered allmulticast mode [ 578.027691][T23706] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 578.035397][T23707] syz_tun: left allmulticast mode [ 578.042715][T23706] loop8: p2 start 956478 is beyond EOD, truncated [ 578.117795][ T52] Bluetooth: hci3: command tx timeout [ 578.175421][ T6626] udevd[6626]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 579.253997][T23761] netlink: 212368 bytes leftover after parsing attributes in process `syz.6.8055'. [ 579.586789][T23781] netlink: 16 bytes leftover after parsing attributes in process `syz.3.8064'. [ 580.046977][ T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 580.198829][ T52] Bluetooth: hci3: command tx timeout [ 580.214146][ T24] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 580.238882][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.252416][ T24] usb 6-1: Product: syz [ 580.257004][ T24] usb 6-1: Manufacturer: syz [ 580.262071][ T24] usb 6-1: SerialNumber: syz [ 580.275328][ T24] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 580.347993][T11288] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 580.717025][ T50] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 580.887005][ T50] usb 2-1: Using ep0 maxpacket: 32 [ 580.900780][ T50] usb 2-1: config index 0 descriptor too short (expected 6683, got 27) [ 580.921410][ T50] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 580.930350][ T50] usb 2-1: config 0 has no interface number 0 [ 580.936560][ T50] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 580.948364][ T50] usb 2-1: config 0 interface 85 has no altsetting 0 [ 580.963420][ T50] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 580.973869][ T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.995055][ T24] usb 6-1: USB disconnect, device number 4 [ 581.011703][ T50] usb 2-1: Product: syz [ 581.015960][ T50] usb 2-1: Manufacturer: syz [ 581.024058][ T50] usb 2-1: SerialNumber: syz [ 581.039115][ T50] usb 2-1: config 0 descriptor?? [ 581.282890][T23828] netlink: 56 bytes leftover after parsing attributes in process `syz.3.8085'. [ 581.341030][T23830] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8086'. [ 581.511815][T23837] netlink: 'syz.6.8089': attribute type 83 has an invalid length. [ 581.616852][T23841] loop5: detected capacity change from 0 to 7 [ 581.637667][T11288] usb 6-1: Service connection timeout for: 256 [ 581.644741][T11288] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 581.651772][T18114] Dev loop5: unable to read RDB block 7 [ 581.653835][T11288] ath9k_htc: Failed to initialize the device [ 581.659482][T18114] loop5: unable to read partition table [ 581.664727][ T50] appletouch 2-1:0.85: Geyser mode initialized. [ 581.676297][T18114] loop5: partition table beyond EOD, truncated [ 581.677939][ T24] usb 6-1: ath9k_htc: USB layer deinitialized [ 581.693015][ T50] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input59 [ 581.725525][T23841] Dev loop5: unable to read RDB block 7 [ 581.731811][T23841] loop5: unable to read partition table [ 581.739021][T23841] loop5: partition table beyond EOD, truncated [ 581.747513][T23841] loop_reread_partitions: partition scan of loop5 (gCj̖P=!MX %`搘ȵ4FLQk݊5) failed (rc=-5) [ 581.805826][T23842] Dev loop5: unable to read RDB block 7 [ 581.821500][T23842] loop5: unable to read partition table [ 581.833580][T23842] loop5: partition table beyond EOD, truncated [ 581.948616][ T24] usb 2-1: USB disconnect, device number 113 [ 582.016285][ T24] appletouch 2-1:0.85: input: appletouch disconnected [ 582.281471][ T42] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 582.403069][T23861] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8100'. [ 582.422487][T23861] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8100'. [ 583.207805][T23890] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 583.214367][T23890] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 583.226826][T23890] vhci_hcd vhci_hcd.0: Device attached [ 583.252641][T23890] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(5) [ 583.259190][T23890] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 583.272155][T23890] vhci_hcd vhci_hcd.0: Device attached [ 583.284743][T23890] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(7) [ 583.291286][T23890] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 583.302184][T23890] vhci_hcd vhci_hcd.0: Device attached [ 583.323222][T23890] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(9) [ 583.329768][T23890] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 583.361406][T23890] vhci_hcd vhci_hcd.0: Device attached [ 583.375376][T23897] vhci_hcd: connection closed [ 583.376678][T23893] vhci_hcd: connection closed [ 583.381519][T13101] vhci_hcd vhci_hcd.3: stop threads [ 583.400504][T23891] vhci_hcd: connection closed [ 583.400861][T13101] vhci_hcd vhci_hcd.3: release socket [ 583.409677][T23901] vhci_hcd: connection closed [ 583.411759][T11288] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 583.432558][T13101] vhci_hcd vhci_hcd.3: disconnect device [ 583.439630][T13101] vhci_hcd vhci_hcd.3: stop threads [ 583.444854][T13101] vhci_hcd vhci_hcd.3: release socket [ 583.462279][T13101] vhci_hcd vhci_hcd.3: disconnect device [ 583.480413][T13101] vhci_hcd vhci_hcd.3: stop threads [ 583.485652][T13101] vhci_hcd vhci_hcd.3: release socket [ 583.491516][T11288] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 583.509231][T11288] usb 39-1: enqueue for inactive port 0 [ 583.524976][T13101] vhci_hcd vhci_hcd.3: disconnect device [ 583.532636][T13101] vhci_hcd vhci_hcd.3: stop threads [ 583.538311][T13101] vhci_hcd vhci_hcd.3: release socket [ 583.544914][T13101] vhci_hcd vhci_hcd.3: disconnect device [ 583.578066][T23908] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8119'. [ 583.598530][T11288] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 584.059053][T23932] netlink: 160 bytes leftover after parsing attributes in process `syz.6.8131'. [ 584.305224][ T10] Process accounting resumed [ 585.295202][T23995] netlink: 'syz.3.8161': attribute type 2 has an invalid length. [ 585.303332][T23995] netlink: 'syz.3.8161': attribute type 4 has an invalid length. [ 585.737014][ T5828] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 585.900473][ T5828] usb 2-1: config 0 has no interfaces? [ 585.918120][ T5828] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 585.932105][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.947093][ T5828] usb 2-1: Product: syz [ 585.954852][ T5828] usb 2-1: Manufacturer: syz [ 585.971704][ T5828] usb 2-1: SerialNumber: syz [ 585.998048][ T5828] usb 2-1: config 0 descriptor?? [ 586.240485][ T5828] usb 2-1: USB disconnect, device number 114 [ 587.566993][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 587.718973][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 587.725613][ T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00 [ 587.734881][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.745865][ T10] usb 6-1: config 0 descriptor?? [ 588.165412][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.176801][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.184052][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.191116][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.199297][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.206301][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.214112][ T10] lg-g15 0003:046D:C225.0094: unknown main item tag 0x0 [ 588.224415][ T10] lg-g15 0003:046D:C225.0094: hidraw0: USB HID v0.00 Device [HID 046d:c225] on usb-dummy_hcd.5-1/input0 [ 588.379298][ T5897] usb 6-1: USB disconnect, device number 5 [ 588.925549][T24075] netlink: 104 bytes leftover after parsing attributes in process `syz.3.8198'. [ 589.347029][ T5897] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 589.347039][T22704] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 589.362760][T11288] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 589.498415][T22704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.510074][T22704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.519914][T22704] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 589.526969][T11288] usb 6-1: Using ep0 maxpacket: 32 [ 589.529026][T22704] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.534301][ T5897] usb 4-1: Using ep0 maxpacket: 16 [ 589.550009][T11288] usb 6-1: config 0 has an invalid interface number: 126 but max is 0 [ 589.550158][T22704] usb 2-1: config 0 descriptor?? [ 589.560476][T11288] usb 6-1: config 0 has no interface number 0 [ 589.571546][T11288] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 589.584062][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.596005][T11288] usb 6-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 589.606227][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.616468][T11288] usb 6-1: config 0 interface 126 has no altsetting 0 [ 589.623446][ T5897] usb 4-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 589.635176][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.645724][T11288] usb 6-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 589.656301][T11288] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.665427][ T5897] usb 4-1: config 0 descriptor?? [ 589.670743][T11288] usb 6-1: Product: syz [ 589.674990][T11288] usb 6-1: Manufacturer: syz [ 589.682880][T11288] usb 6-1: SerialNumber: syz [ 589.691512][T11288] usb 6-1: config 0 descriptor?? [ 589.699243][T24087] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 589.706680][T24087] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 589.992708][T22704] arvo 0003:1E7D:30D4.0095: unknown main item tag 0x0 [ 590.014023][T22704] arvo 0003:1E7D:30D4.0095: unknown main item tag 0x0 [ 590.036136][T22704] arvo 0003:1E7D:30D4.0095: collection stack underflow [ 590.054316][T22704] arvo 0003:1E7D:30D4.0095: item 0 0 0 12 parsing failed [ 590.064544][T22704] arvo 0003:1E7D:30D4.0095: parse failed [ 590.074066][T22704] arvo 0003:1E7D:30D4.0095: probe with driver arvo failed with error -22 [ 590.103465][ T5897] lenovo 0003:17EF:60A3.0096: hidraw0: USB HID v0.05 Device [HID 17ef:60a3] on usb-dummy_hcd.3-1/input0 [ 590.138820][T11288] ir_usb 6-1:0.126: IR Dongle converter detected [ 590.243614][T22704] usb 2-1: USB disconnect, device number 115 [ 590.333299][ T10] usb 4-1: USB disconnect, device number 106 [ 590.346667][T11288] usb 6-1: IRDA class descriptor not found, device not bound [ 590.560936][ T10] usb 6-1: USB disconnect, device number 6 [ 590.791218][T24104] netlink: 104 bytes leftover after parsing attributes in process `syz.1.8213'. [ 591.121224][T11288] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 591.157280][T22704] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 591.283709][T11288] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 591.297401][T11288] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.306254][T11288] usb 2-1: Product: syz [ 591.316662][T11288] usb 2-1: Manufacturer: syz [ 591.320196][T24117] netlink: 400 bytes leftover after parsing attributes in process `syz.5.8219'. [ 591.326516][T11288] usb 2-1: SerialNumber: syz [ 591.336056][T22704] usb 4-1: Using ep0 maxpacket: 16 [ 591.347304][T22704] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 591.363341][T22704] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 591.373724][T22704] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.382285][T22704] usb 4-1: Product: syz [ 591.387272][T22704] usb 4-1: Manufacturer: syz [ 591.391885][T22704] usb 4-1: SerialNumber: syz [ 591.402539][T22704] usb 4-1: config 0 descriptor?? [ 591.419364][T22704] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 591.430293][T22704] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 591.687400][T22704] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 591.764515][T22704] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 591.772667][T22704] em28xx 4-1:0.0: board has no eeprom [ 591.832571][T24110] em28xx 4-1:0.0: reading from i2c device at 0x6 failed (error=-5) [ 591.848249][T22704] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 591.857700][T22704] em28xx 4-1:0.0: dvb set to bulk mode. [ 591.863785][ T10] em28xx 4-1:0.0: Binding DVB extension [ 591.878503][T22704] usb 4-1: USB disconnect, device number 107 [ 591.899303][T22704] em28xx 4-1:0.0: Disconnecting em28xx [ 591.944938][ T10] em28xx 4-1:0.0: Registering input extension [ 591.955664][T22704] em28xx 4-1:0.0: Closing input extension [ 591.998432][T22704] em28xx 4-1:0.0: Freeing device [ 592.173897][T11288] cdc_ncm 2-1:1.0: SET_CRC_MODE failed [ 592.202931][T11288] cdc_ncm 2-1:1.0: bind() failure [ 592.211627][T11288] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 592.220230][T11288] cdc_ncm 2-1:1.1: bind() failure [ 592.232701][T11288] usb 2-1: USB disconnect, device number 116 [ 592.397186][T22704] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 592.557702][T22704] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 592.566367][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.575387][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.586679][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.594401][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.607856][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.619081][ T25] block nbd1: Possible stuck request ffff8880263a0000: control (read@0,1024B). Runtime 60 seconds [ 592.619159][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.632347][ T25] block nbd1: Possible stuck request ffff8880263a0200: control (read@1024,1024B). Runtime 60 seconds [ 592.638303][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.647880][ T25] block nbd1: Possible stuck request ffff8880263a0400: control (read@2048,1024B). Runtime 60 seconds [ 592.668517][ T25] block nbd1: Possible stuck request ffff8880263a0600: control (read@3072,1024B). Runtime 60 seconds [ 592.681727][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.692813][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.700815][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.710753][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.723461][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.732748][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.742114][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.754204][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.764072][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.784059][T24140] netlink: 116 bytes leftover after parsing attributes in process `syz.3.8230'. [ 592.806082][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.820668][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.848651][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.879766][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.910593][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.920133][T22704] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 592.931399][T22704] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 592.942693][T22704] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.958771][T22704] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 592.977598][T22704] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 592.994691][T22704] usb 6-1: Product: syz [ 593.002167][T22704] usb 6-1: Manufacturer: syz [ 593.006781][T22704] usb 6-1: SerialNumber: syz [ 593.026441][T22704] usb 6-1: config 0 descriptor?? [ 593.049083][T22704] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 593.096416][T24153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8235'. [ 593.162918][T24155] pimreg: tun_chr_ioctl cmd 1074025672 [ 593.169632][T24155] pimreg: ignored: set checksum enabled [ 593.243543][ T5897] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 593.354621][ C0] usb 6-1: yurex_control_callback - control failed: -71 [ 593.355844][T11288] usb 6-1: USB disconnect, device number 7 [ 593.375990][T11288] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 593.427040][ T5897] usb 4-1: Using ep0 maxpacket: 16 [ 593.435314][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 593.447800][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 593.461802][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 593.472607][ T5897] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 593.484576][ T5897] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 593.503936][ T5897] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 593.513959][ T5897] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 593.523387][ T5897] usb 4-1: Manufacturer: syz [ 593.531519][ T5897] usb 4-1: config 0 descriptor?? [ 593.867011][ T5897] rc_core: IR keymap rc-hauppauge not found [ 593.873145][T24176] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8245'. [ 593.892776][ T5897] Registered IR keymap rc-empty [ 593.898420][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 593.917995][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 593.939399][ T5897] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 593.971654][ T5897] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input61 [ 593.995931][ T52] Bluetooth: hci3: Invalid handle: 0xfe00 > 0x0eff [ 594.006254][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.030144][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.057232][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.077020][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.097059][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.121854][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.147663][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.177829][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.197446][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.227633][ T5897] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 594.260341][ T5897] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 594.284747][ T5897] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 594.315346][ T5897] usb 4-1: USB disconnect, device number 108 [ 594.428721][T24191] kvm_intel: kvm [24190]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 594.831376][T24205] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8260'. [ 595.015106][ T52] Bluetooth: hci2: Invalid handle: 0xfe00 > 0x0eff [ 595.232925][ T5828] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 595.399111][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 595.410124][ T5828] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.420913][ T5828] usb 4-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 595.430128][ T5828] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.440300][ T5828] usb 4-1: config 0 descriptor?? [ 595.798762][ T5897] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 595.859115][ T5828] input: HID 28bd:0934 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0934.0097/input/input62 [ 595.880665][ T5828] uclogic 0003:28BD:0934.0097: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.3-1/input0 [ 595.966979][ T5897] usb 2-1: Using ep0 maxpacket: 8 [ 595.976124][ T5897] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 595.997515][ T5897] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 596.012271][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.029388][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.054802][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.066676][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.079692][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 596.093670][ T5897] usb 2-1: config 168 interface 0 has no altsetting 0 [ 596.101780][ T5828] usb 4-1: USB disconnect, device number 109 [ 596.101985][ T5897] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 596.123003][ T5897] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 596.135338][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.153526][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.169566][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.182097][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.195231][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 596.211495][ T5897] usb 2-1: config 168 interface 0 has no altsetting 0 [ 596.220515][ T5897] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 596.230702][ T5897] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 596.243975][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.255687][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.267955][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.281717][ T5897] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.294166][ T5897] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 596.308923][ T5897] usb 2-1: config 168 interface 0 has no altsetting 0 [ 596.322363][ T5897] usb 2-1: string descriptor 0 read error: -22 [ 596.328939][ T5897] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 596.342472][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.366438][ T5897] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 596.599736][ T5828] usb 2-1: USB disconnect, device number 117 [ 596.794662][T24262] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 596.802579][T24262] syzkaller1: linktype set to 786 [ 596.813706][T24227] adutux: No device or device unplugged -19 [ 596.954591][T24268] netlink: 64 bytes leftover after parsing attributes in process `syz.3.8290'. [ 597.573243][T24291] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8299'. [ 597.627349][T24294] program syz.1.8301 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 597.735783][T24297] tap0: tun_chr_ioctl cmd 1074025676 [ 597.741185][T24297] tap0: owner set to 0 [ 598.115765][ T30] audit: type=1326 audit(2000000542.714:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.167203][ T30] audit: type=1326 audit(2000000542.744:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.206522][ T30] audit: type=1326 audit(2000000542.744:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.289233][ T30] audit: type=1326 audit(2000000542.744:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.379420][ T30] audit: type=1326 audit(2000000542.744:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.404634][T24314] program syz.3.8311 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 598.422006][ T30] audit: type=1326 audit(2000000542.744:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.507269][ T30] audit: type=1326 audit(2000000542.744:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.558259][ T30] audit: type=1326 audit(2000000542.744:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.650473][ T30] audit: type=1326 audit(2000000542.744:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.728530][ T30] audit: type=1326 audit(2000000542.744:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24276 comm="syz.5.8293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8918f749 code=0x7fc00000 [ 598.771029][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 599.391437][T24358] netlink: 164 bytes leftover after parsing attributes in process `syz.3.8332'. [ 599.899791][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 600.497438][ T10] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 600.678185][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 600.696917][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.706707][ T10] usb 2-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 600.737010][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.758371][ T10] usb 2-1: config 0 descriptor?? [ 601.108547][T24417] binder: 24416:24417 ioctl c018620c 200000000580 returned -22 [ 601.197278][ T10] input: HID 28bd:0934 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0934.0098/input/input63 [ 601.332607][ T10] uclogic 0003:28BD:0934.0098: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0934] on usb-dummy_hcd.1-1/input0 [ 601.400780][ T10] usb 2-1: USB disconnect, device number 118 [ 601.472945][T24428] fido_id[24428]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 602.141011][T11288] IPVS: starting estimator thread 0... [ 602.236988][T24446] IPVS: using max 29 ests per chain, 69600 per kthread [ 602.246040][T24451] netlink: 'syz.1.8369': attribute type 83 has an invalid length. [ 602.340694][T24455] kvm: kvm [24454]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x6 [ 602.656970][T11288] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 602.817123][T11288] usb 4-1: Using ep0 maxpacket: 32 [ 602.823930][T11288] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 602.832483][T11288] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 602.843686][T11288] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 602.847510][T16360] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 602.853418][T11288] usb 4-1: config 1 has no interface number 0 [ 602.870132][T11288] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 602.881416][T11288] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 602.895326][T11288] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 602.904800][T11288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.923114][T11288] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 603.127418][T11288] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 603.566126][ T24] usb 4-1: USB disconnect, device number 110 [ 603.577463][ T24] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 604.189551][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 604.189569][ T30] audit: type=1800 audit(2000000548.794:94): pid=24475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.8381" name="file0" dev="tmpfs" ino=421 res=0 errno=0 [ 604.367467][ T5828] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 604.531040][ T5828] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 604.541374][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.550960][ T5828] usb 2-1: Product: syz [ 604.555244][ T5828] usb 2-1: Manufacturer: syz [ 604.560537][ T5828] usb 2-1: SerialNumber: syz [ 604.570403][ T5828] usb 2-1: config 0 descriptor?? [ 604.983420][T24536] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8410'. [ 604.993669][ T5828] usb 2-1: Firmware: major: 0, minor: 113, hardware type: ATUSB (0) [ 605.202187][ T5828] usb 2-1: failed to fetch extended address, random address set [ 605.287247][ T5828] usb 2-1: USB disconnect, device number 119 [ 605.681178][T24564] bridge0: port 1(bridge_slave_0) entered disabled state [ 605.721141][T24564] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.728396][T24564] bridge0: port 1(bridge_slave_0) entered forwarding state [ 606.009137][T24578] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8430'. [ 606.024754][ T52] Bluetooth: hci3: unknown advertising packet type: 0x75 [ 606.024791][ T52] Bluetooth: hci3: Dropping invalid advertising data [ 606.041037][ T52] Bluetooth: hci3: Malformed LE Event: 0x02 [ 606.303522][T24596] usb usb8: usbfs: process 24596 (syz.1.8439) did not claim interface 0 before use [ 606.387055][T11288] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 606.462256][T24606] netlink: 'syz.5.8444': attribute type 83 has an invalid length. [ 606.563253][T11288] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 606.593089][T11288] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.614588][T11288] usb 4-1: Product: syz [ 606.620157][T11288] usb 4-1: Manufacturer: syz [ 606.624857][T11288] usb 4-1: SerialNumber: syz [ 606.645641][T11288] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 606.671442][ T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 607.080952][T24631] netlink: 'syz.6.8455': attribute type 83 has an invalid length. [ 607.316619][T11288] usb 4-1: USB disconnect, device number 111 [ 607.957640][ T24] usb 4-1: Service connection timeout for: 256 [ 607.963847][ T24] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 607.990348][ T24] ath9k_htc: Failed to initialize the device [ 607.996733][T11288] usb 4-1: ath9k_htc: USB layer deinitialized [ 608.132084][T24656] tipc: Enabling of bearer rejected, failed to enable media [ 608.182480][T24658] loop8: detected capacity change from 0 to 1 [ 608.191396][ T6626] Dev loop8: unable to read RDB block 1 [ 608.204150][ T6626] loop8: unable to read partition table [ 608.217323][ T6626] loop8: partition table beyond EOD, truncated [ 608.226229][T24658] Dev loop8: unable to read RDB block 1 [ 608.235424][T24658] loop8: unable to read partition table [ 608.242403][T24658] loop8: partition table beyond EOD, truncated [ 608.256982][T24658] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 608.352446][T24661] netlink: 160 bytes leftover after parsing attributes in process `syz.5.8477'. [ 608.393390][T24663] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8469'. [ 608.816984][T22636] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 608.970727][T22636] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 608.981665][T22636] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 608.991722][T22636] usb 4-1: Product: syz [ 608.995917][T22636] usb 4-1: Manufacturer: syz [ 609.001524][T22636] usb 4-1: SerialNumber: syz [ 609.014134][T22636] usb 4-1: config 0 descriptor?? [ 609.430357][T22636] usb 4-1: Firmware: major: 0, minor: 113, hardware type: ATUSB (0) [ 609.631434][T22636] usb 4-1: failed to fetch extended address, random address set [ 609.692304][T22636] usb 4-1: USB disconnect, device number 112 [ 609.954801][T24706] netlink: 20 bytes leftover after parsing attributes in process `syz.5.8488'. [ 610.075987][T24714] loop8: detected capacity change from 0 to 1 [ 610.084575][T24714] Dev loop8: unable to read RDB block 1 [ 610.092009][T24714] loop8: unable to read partition table [ 610.098197][T24714] loop8: partition table beyond EOD, truncated [ 610.104469][T24714] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 611.237514][ T30] audit: type=1326 audit(2000000555.834:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.315660][ T30] audit: type=1326 audit(2000000555.834:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.383273][ T30] audit: type=1326 audit(2000000555.834:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.461736][ T30] audit: type=1326 audit(2000000555.834:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.474740][T24783] sctp: [Deprecated]: syz.1.8527 (pid 24783) Use of int in max_burst socket option. [ 611.474740][T24783] Use struct sctp_assoc_value instead [ 611.491883][ T30] audit: type=1326 audit(2000000555.854:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f747958df90 code=0x7ffc0000 [ 611.563433][ T30] audit: type=1326 audit(2000000555.854:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.676615][ T30] audit: type=1326 audit(2000000555.854:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.726793][ T30] audit: type=1326 audit(2000000555.854:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.750366][ T30] audit: type=1326 audit(2000000555.854:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.778856][ T30] audit: type=1326 audit(2000000555.864:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24771 comm="syz.1.8522" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f747958f749 code=0x7ffc0000 [ 611.857432][T22636] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 612.017828][T22636] usb 4-1: Using ep0 maxpacket: 8 [ 612.033690][T22636] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 612.067389][T22636] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 612.095797][T22636] usb 4-1: Product: syz [ 612.105922][T22636] usb 4-1: Manufacturer: syz [ 612.116042][T22636] usb 4-1: SerialNumber: syz [ 612.149974][T22636] usb 4-1: config 0 descriptor?? [ 612.294543][T24817] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8544'. [ 612.304122][T24817] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8544'. [ 612.313873][T24817] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8544'. [ 612.374290][T22636] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 612.553729][T24827] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8549'. [ 612.827110][ T5828] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 612.968832][T22636] usb write operation failed. (-71) [ 612.989477][ T5828] usb 6-1: Using ep0 maxpacket: 16 [ 612.991305][T22636] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 613.002153][ T5828] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.022418][T22636] dvbdev: DVB: registering new adapter (Terratec H7) [ 613.029254][ T5828] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 613.029281][ T5828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.052579][ T5828] usb 6-1: config 0 descriptor?? [ 613.057689][T22636] usb 4-1: media controller created [ 613.058081][T22636] usb read operation failed. (-71) [ 613.099923][T22636] usb write operation failed. (-71) [ 613.132128][T22636] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 613.150390][T22636] usb 4-1: USB disconnect, device number 113 [ 613.160399][ T52] Bluetooth: hci3: command tx timeout [ 613.308784][ T1157] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 613.427559][ T24] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 613.519382][ T5828] mcp2221 0003:04D8:00DD.0099: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 613.577573][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 613.588614][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 613.627416][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 613.656827][ T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 613.672373][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.681444][ T24] usb 2-1: Product: syz [ 613.685629][ T24] usb 2-1: Manufacturer: syz [ 613.691572][ T24] usb 2-1: SerialNumber: syz [ 613.907389][ T24] usb 2-1: 0:2 : does not exist [ 613.924416][ T24] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 613.941968][ T5828] usb 6-1: USB disconnect, device number 8 [ 613.974281][ T24] usb 2-1: USB disconnect, device number 120 [ 614.042975][ T6626] udevd[6626]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 614.336982][ T5828] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 614.523225][ T5828] usb 4-1: Using ep0 maxpacket: 16 [ 614.533308][ T5828] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 614.556954][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.565053][ T5828] usb 4-1: Product: syz [ 614.579073][ T5828] usb 4-1: Manufacturer: syz [ 614.583686][ T5828] usb 4-1: SerialNumber: syz [ 614.607453][ T5828] r8152-cfgselector 4-1: Unknown version 0x0000 [ 614.613745][ T5828] r8152-cfgselector 4-1: config 0 descriptor?? [ 614.876792][ T5828] r8152-cfgselector 4-1: Needed 2 retries to read version [ 614.897112][ T5828] r8152-cfgselector 4-1: Unknown version 0x0000 [ 614.909488][ T5828] r8152-cfgselector 4-1: bad CDC descriptors [ 615.011905][T24891] Bluetooth: hci1: too big key_count value 16385 [ 615.079332][ T5828] r8152-cfgselector 4-1: USB disconnect, device number 114 [ 615.934426][T24943] vivid-001: disconnect [ 615.940326][T24943] vivid-001: reconnect [ 616.366609][T24960] loop8: detected capacity change from 0 to 1 [ 616.389515][T24960] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 616.408767][T24960] loop8: p1 start 540042604 is beyond EOD, truncated [ 616.416151][T24960] loop8: p2 start 1640453368 is beyond EOD, truncated [ 616.432084][T24960] loop8: p3 start 1935506780 is beyond EOD, truncated [ 616.446352][T24960] loop8: p4 start 3893138939 is beyond EOD, truncated [ 616.461135][T24960] loop8: p5 start 287485722 is beyond EOD, truncated [ 616.476943][T24960] loop8: p6 start 3376667143 is beyond EOD, truncated [ 616.492475][T24960] loop8: p7 start 2111012381 is beyond EOD, truncated [ 616.499979][T24960] loop8: p8 start 3147612238 is beyond EOD, truncated [ 616.507211][T24960] loop8: p9 start 2252824347 is beyond EOD, truncated [ 616.515299][T24960] loop8: p10 start 489633540 is beyond EOD, truncated [ 616.533535][T24960] loop8: p11 start 1985099615 is beyond EOD, truncated [ 616.545219][T24960] loop8: p12 start 2132828001 is beyond EOD, truncated [ 617.097227][ T5917] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 617.257312][ T5917] usb 6-1: Using ep0 maxpacket: 32 [ 617.281601][ T5917] usb 6-1: config 0 has an invalid interface number: 196 but max is 0 [ 617.297017][ T5917] usb 6-1: config 0 has no interface number 0 [ 617.303827][ T5917] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 617.328133][ T5917] usb 6-1: config 0 interface 196 has no altsetting 0 [ 617.350034][ T5917] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 617.360877][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.371566][ T5917] usb 6-1: Product: syz [ 617.397075][ T5917] usb 6-1: Manufacturer: syz [ 617.401717][ T5917] usb 6-1: SerialNumber: syz [ 617.417837][ T5917] usb 6-1: config 0 descriptor?? [ 617.430499][T24976] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 618.054701][ T5917] ipheth 6-1:0.196: ipheth_enable_ncm: usb_control_msg: -71 [ 618.082969][ T5917] ipheth 6-1:0.196: Apple iPhone USB Ethernet device attached [ 618.101736][ T5917] usb 6-1: USB disconnect, device number 9 [ 618.169072][ T5917] ipheth 6-1:0.196: Apple iPhone USB Ethernet now disconnected [ 618.917162][ T24] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 619.057021][T22704] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 619.067125][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 619.079326][ T24] usb 2-1: config 0 has an invalid interface number: 124 but max is 0 [ 619.087785][ T24] usb 2-1: config 0 has no interface number 0 [ 619.093928][ T24] usb 2-1: config 0 interface 124 has no altsetting 0 [ 619.104605][ T24] usb 2-1: New USB device found, idVendor=0424, idProduct=cf18, bcdDevice=88.47 [ 619.116207][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.125208][ T24] usb 2-1: Product: syz [ 619.129799][ T24] usb 2-1: Manufacturer: syz [ 619.134568][ T24] usb 2-1: SerialNumber: syz [ 619.143759][ T24] usb 2-1: config 0 descriptor?? [ 619.247209][T22704] usb 6-1: Using ep0 maxpacket: 16 [ 619.253962][T22704] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.277074][T22704] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 619.296905][T22704] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.317960][T22704] usb 6-1: config 0 descriptor?? [ 619.738742][T22704] mcp2221 0003:04D8:00DD.009A: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 620.147829][T22704] usb 6-1: USB disconnect, device number 10 [ 620.855211][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 620.855228][ T30] audit: type=1326 audit(2000000565.454:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25065 comm="syz.3.8658" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3efff8f749 code=0x0 [ 620.861321][T25070] Bluetooth: MGMT ver 1.23 [ 621.084426][T25079] tipc: Started in network mode [ 621.096941][T25079] tipc: Node identity ac14140f, cluster identity 4711 [ 621.103931][T25079] tipc: New replicast peer: 255.255.255.255 [ 621.111539][T25079] tipc: Enabled bearer , priority 10 [ 621.167030][ T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 621.326941][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 621.334093][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.345629][ T10] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 621.355038][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.365073][ T10] usb 6-1: config 0 descriptor?? [ 621.697354][ T24] usb 2-1: USB disconnect, device number 121 [ 621.794195][ T10] mcp2221 0003:04D8:00DD.009B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 622.107082][ T5828] tipc: Node number set to 2886997007 [ 622.211459][T25110] macvlan0: mtu less than device minimum [ 622.250928][ T24] usb 6-1: USB disconnect, device number 11 [ 622.696430][ T25] block nbd1: Possible stuck request ffff8880263a0000: control (read@0,1024B). Runtime 90 seconds [ 622.713378][ T25] block nbd1: Possible stuck request ffff8880263a0200: control (read@1024,1024B). Runtime 90 seconds [ 622.724563][ T25] block nbd1: Possible stuck request ffff8880263a0400: control (read@2048,1024B). Runtime 90 seconds [ 622.736118][ T25] block nbd1: Possible stuck request ffff8880263a0600: control (read@3072,1024B). Runtime 90 seconds [ 623.080249][ T10] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 623.248544][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.287376][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.326173][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 623.349237][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.376000][ T10] usb 4-1: config 0 descriptor?? [ 623.851942][ T10] logitech 0003:046D:C29C.009C: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 623.964056][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.221131][ T10] logitech 0003:046D:C29C.009C: no inputs found [ 624.246568][ T10] usb 4-1: USB disconnect, device number 115 [ 624.495155][T25199] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.8707'. [ 625.500000][T25246] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8729'. [ 625.891132][T25269] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8740'. [ 626.017005][ T5917] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 626.181633][ T5917] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 626.193812][ T5917] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 626.203630][ T5917] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 626.221296][ T5917] usb 6-1: config 220 has no interface number 2 [ 626.227784][ T5917] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 626.241058][ T5917] usb 6-1: config 220 interface 0 has no altsetting 0 [ 626.249393][ T5917] usb 6-1: config 220 interface 76 has no altsetting 0 [ 626.256280][ T5917] usb 6-1: config 220 interface 1 has no altsetting 0 [ 626.270115][ T5917] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 626.279440][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 626.289994][ T5917] usb 6-1: Product: syz [ 626.294404][ T5917] usb 6-1: Manufacturer: syz [ 626.300238][ T5917] usb 6-1: SerialNumber: syz [ 626.339484][T25288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8748'. [ 626.528386][ T5917] usb 6-1: selecting invalid altsetting 0 [ 626.539234][ T5917] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 626.558106][ T5917] uvcvideo 6-1:220.0: No valid video chain found. [ 626.578234][ T5917] usb 6-1: selecting invalid altsetting 0 [ 626.584058][ T5917] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 626.606341][ T5917] usb 6-1: USB disconnect, device number 12 [ 626.727014][ T10] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 626.887001][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 626.895563][ T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 626.917519][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 626.928328][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 626.968287][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 626.988041][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.004661][ T10] usb 4-1: Product: syz [ 627.010465][ T10] usb 4-1: Manufacturer: syz [ 627.015087][ T10] usb 4-1: SerialNumber: syz [ 627.152505][T25321] batadv_slave_0: entered promiscuous mode [ 627.161169][T25320] batadv_slave_0: left promiscuous mode [ 627.464537][ T10] usb 4-1: 0:2 : does not exist [ 627.810917][T25348] sp0: Synchronizing with TNC [ 627.869036][ T10] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1) [ 627.915776][T25354] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8778'. [ 627.944887][ T10] usb 4-1: USB disconnect, device number 116 [ 627.996332][ T6626] udevd[6626]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 628.108898][T25360] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 628.115873][T25360] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 628.438679][T22704] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 628.538566][T25378] batadv_slave_0: entered promiscuous mode [ 628.545620][T25377] batadv_slave_0: left promiscuous mode [ 628.621630][T22704] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 628.631214][T22704] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 628.641901][T22704] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 628.651064][T22704] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 628.673248][T22704] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 628.692631][T22704] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 628.704364][T22704] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 628.713085][T22704] usb 6-1: Product: syz [ 628.723556][T22704] usb 6-1: Manufacturer: syz [ 628.739195][T22704] cdc_wdm 6-1:1.0: skipping garbage [ 628.761787][T22704] cdc_wdm 6-1:1.0: skipping garbage [ 628.773094][T22704] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 628.782860][T22704] cdc_wdm 6-1:1.0: Unknown control protocol [ 628.850016][T25388] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8794'. [ 628.955232][ T24] usb 6-1: USB disconnect, device number 13 [ 629.606978][ T5828] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 629.777079][ T5828] usb 2-1: Using ep0 maxpacket: 8 [ 629.788425][ T5828] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 629.798941][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.818402][ T5828] pvrusb2: Hardware description: Terratec Grabster AV400 [ 629.836323][ T5828] pvrusb2: ********** [ 629.847114][ T5828] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 629.858368][ T5828] pvrusb2: Important functionality might not be entirely working. [ 629.866360][ T5828] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 629.878916][ T5828] pvrusb2: ********** [ 630.017371][ T2344] pvrusb2: Invalid write control endpoint [ 630.082954][ T2344] pvrusb2: Invalid write control endpoint [ 630.088914][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 630.100006][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 630.113092][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 630.123245][ T2344] pvrusb2: Device being rendered inoperable [ 630.131223][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 630.141827][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 630.155775][ T2344] pvrusb2: Attached sub-driver cx25840 [ 630.163085][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 630.175961][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 630.225612][ T5917] usb 2-1: USB disconnect, device number 122 [ 630.322711][T25451] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8824'. [ 630.546972][ T10] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 630.716978][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 630.741860][ T10] usb 4-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 630.764056][ T10] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 630.808265][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.825494][ T10] hub 4-1:32.0: bad descriptor, ignoring hub [ 630.844385][ T10] hub 4-1:32.0: probe with driver hub failed with error -5 [ 631.313191][T11288] usb 4-1: reset high-speed USB device number 117 using dummy_hcd [ 632.369374][ T10] usb 4-1: USB disconnect, device number 117 [ 633.145988][T25518] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8854'. [ 633.324402][T25528] netlink: 64 bytes leftover after parsing attributes in process `syz.1.8859'. [ 633.502332][T25536] netlink: 'syz.5.8863': attribute type 6 has an invalid length. [ 633.666019][T25547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8868'. [ 633.774041][T25556] netlink: 112 bytes leftover after parsing attributes in process `syz.3.8872'. [ 633.939791][T25556] syz.3.8872 (25556) used greatest stack depth: 17592 bytes left [ 634.790483][T25605] loop8: detected capacity change from 0 to 1 [ 634.799057][T25605] Dev loop8: unable to read RDB block 1 [ 634.804659][T25605] loop8: unable to read partition table [ 634.810692][T25605] loop8: partition table beyond EOD, truncated [ 634.818060][T25605] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 634.844181][ T2991] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 634.887055][ T24] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 635.036983][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 635.043697][ T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 635.053321][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 635.063569][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 635.075584][ T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 635.085103][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.093290][ T24] usb 2-1: Product: syz [ 635.099538][ T24] usb 2-1: Manufacturer: syz [ 635.104459][ T24] usb 2-1: SerialNumber: syz [ 635.254337][T25615] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8897'. [ 635.538334][ T24] usb 2-1: 0:2 : does not exist [ 635.897218][ T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 635.944460][ T24] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 635.976122][ T24] usb 2-1: USB disconnect, device number 123 [ 636.001402][ T6626] udevd[6626]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 636.060482][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 636.092354][ T10] usb 6-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 636.122925][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.149358][ T10] usb 6-1: config 0 descriptor?? [ 636.591043][ T10] waltop 0003:172F:0500.009D: unknown main item tag 0x0 [ 636.608209][ T10] waltop 0003:172F:0500.009D: item fetching failed at offset 3/5 [ 636.628358][ T10] waltop 0003:172F:0500.009D: probe with driver waltop failed with error -22 [ 636.790813][ T10] usb 6-1: USB disconnect, device number 14 [ 637.390512][T25690] binder: 25689:25690 ioctl c018620c 200000000340 returned -1 [ 637.574594][T25700] loop8: detected capacity change from 0 to 1 [ 637.581894][T25700] Dev loop8: unable to read RDB block 1 [ 637.588021][T25700] loop8: unable to read partition table [ 637.593917][T25700] loop8: partition table beyond EOD, truncated [ 637.600569][T25700] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 637.702539][ T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 637.857054][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 637.864666][ T10] usb 6-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 637.876201][ T10] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 637.886516][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.896459][T22704] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 637.920286][ T10] hub 6-1:32.0: bad descriptor, ignoring hub [ 637.926505][ T10] hub 6-1:32.0: probe with driver hub failed with error -5 [ 638.067004][T22704] usb 4-1: Using ep0 maxpacket: 16 [ 638.074517][T22704] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 638.084751][T22704] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 638.101286][T22704] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 638.111751][T22704] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 638.122624][T22704] usb 4-1: SerialNumber: syz [ 638.155076][T25692] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 638.379408][T22704] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 638.390570][T22704] usb 4-1: USB disconnect, device number 118 [ 638.419017][ T5917] usb 6-1: reset high-speed USB device number 15 using dummy_hcd [ 639.122363][ T5917] hid-generic 0000:0000:0000.009E: unknown main item tag 0x0 [ 639.151896][ T5917] hid-generic 0000:0000:0000.009E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 639.418573][ T5917] usb 6-1: USB disconnect, device number 15 [ 639.777048][ T5828] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 639.961858][ T5828] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 639.972509][ T5828] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 639.984524][ T5828] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 639.996698][ T5828] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 640.006160][ T5828] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.014294][ T5828] usb 4-1: Product: syz [ 640.018654][ T5828] usb 4-1: Manufacturer: syz [ 640.023238][ T5828] usb 4-1: SerialNumber: syz [ 640.030770][ T5828] usb 4-1: config 0 descriptor?? [ 640.036790][T25753] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 640.044544][T25753] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 640.054060][ T5828] usb 4-1: ucan: probing device on interface #0 [ 640.661545][ T5828] ucan 4-1:0.0: probe with driver ucan failed with error -22 [ 640.868925][ T10] usb 4-1: USB disconnect, device number 119 [ 641.967649][T25818] kvm: apic: phys broadcast and lowest prio [ 642.002885][ T5917] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 642.140512][T25826] add_ndev_hash(bond0) on ffff888042aac000 done [ 642.160505][T25826] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 642.178150][ T5917] usb 2-1: Using ep0 maxpacket: 16 [ 642.189863][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.207099][T25826] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 642.214372][ T5917] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 642.257501][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.278153][ T5917] usb 2-1: config 0 descriptor?? [ 642.443153][ T24] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 642.469380][ T24] hid-generic 0000:0000:0000.009F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 642.713431][ T5917] mcp2221 0003:04D8:00DD.00A0: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 642.884462][T25858] tap0: tun_chr_ioctl cmd 1074025675 [ 642.889907][T25858] tap0: persist enabled [ 642.890110][T25860] input: syz0 as /devices/virtual/input/input65 [ 643.136338][ T5917] usb 2-1: USB disconnect, device number 124 [ 643.287015][T22704] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 643.446949][T22704] usb 6-1: Using ep0 maxpacket: 16 [ 643.462638][T22704] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 643.472788][ T30] audit: type=1326 audit(2000000588.084:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25848 comm="syz.3.9006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3efff8f749 code=0x7fc00000 [ 643.516543][T22704] usb 6-1: config 0 has no interface number 0 [ 643.531698][T22704] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 643.555955][T22704] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 643.580140][T22704] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 643.591745][T22704] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 643.602765][T22704] usb 6-1: Product: syz [ 643.607290][T22704] usb 6-1: SerialNumber: syz [ 643.624765][T22704] usb 6-1: config 0 descriptor?? [ 643.652081][T22704] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 643.673112][T22704] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input66 [ 643.882791][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 643.882959][ T5917] usb 6-1: USB disconnect, device number 16 [ 643.890047][ C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 643.918880][ T5917] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 644.062505][T25893] kvm: kvm [25892]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004 [ 644.335906][ T2991] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 644.440042][ T5917] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 644.517361][ T24] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 644.623086][ T5917] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 644.632961][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.643225][ T5917] usb 4-1: Product: syz [ 644.651420][ T5917] usb 4-1: Manufacturer: syz [ 644.656217][ T5917] usb 4-1: SerialNumber: syz [ 644.675961][ T5917] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 644.686675][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 644.700504][ T24] usb 2-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 644.730592][T22635] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 644.747149][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 644.770532][ T24] usb 2-1: config 0 descriptor?? [ 645.218430][ T24] waltop 0003:172F:0500.00A1: unknown main item tag 0x0 [ 645.257197][ T24] waltop 0003:172F:0500.00A1: item fetching failed at offset 3/5 [ 645.289884][ T24] waltop 0003:172F:0500.00A1: probe with driver waltop failed with error -22 [ 645.351997][ T10] usb 4-1: USB disconnect, device number 120 [ 645.419101][ T24] usb 2-1: USB disconnect, device number 125 [ 645.974268][T22635] usb 4-1: Service connection timeout for: 256 [ 645.992792][T22635] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 646.038442][T22635] ath9k_htc: Failed to initialize the device [ 646.057259][ T10] usb 4-1: ath9k_htc: USB layer deinitialized [ 646.179936][T25953] tap0: tun_chr_ioctl cmd 1074025675 [ 646.185276][T25953] tap0: persist enabled [ 646.537787][ T10] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 646.575169][T25970] netlink: 52 bytes leftover after parsing attributes in process `syz.6.9057'. [ 646.604548][T25970] netlink: 52 bytes leftover after parsing attributes in process `syz.6.9057'. [ 646.706980][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 646.727745][ T10] usb 6-1: config 0 has an invalid interface number: 55 but max is 0 [ 646.735876][ T10] usb 6-1: config 0 has no interface number 0 [ 646.797038][ T10] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 646.824712][ T10] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 646.876957][ T10] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 646.906963][ T10] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 646.970015][ T10] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 647.030900][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.080027][ T10] usb 6-1: config 0 descriptor?? [ 647.106479][ T10] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 647.355397][T25960] ldusb 6-1:0.55: Write buffer overflow, 1 bytes dropped [ 649.278702][ T10] usb 6-1: USB disconnect, device number 17 [ 649.290970][ T10] ldusb 6-1:0.55: LD USB Device #0 now disconnected [ 649.477422][ T52] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 649.517512][T26023] kvm: kvm [26020]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000006e) = 0x8004 [ 649.967953][ T10] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 650.129394][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 650.140258][ T10] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 650.150351][ T10] usb 2-1: config 0 has no interface number 0 [ 650.156472][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 650.169313][ T10] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 650.181432][ T10] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 650.192840][ T10] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 650.209007][ T10] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 650.218088][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.227308][ T5828] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 650.237657][ T10] usb 2-1: config 0 descriptor?? [ 650.249946][ T10] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 650.407006][ T5828] usb 6-1: Using ep0 maxpacket: 16 [ 650.415474][ T5828] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 650.426835][ T5828] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 650.442646][ T5828] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 650.462473][ T5828] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.480124][ T5828] usb 6-1: Product: syz [ 650.485050][T26035] ldusb 2-1:0.55: Write buffer overflow, 1 bytes dropped [ 650.492980][ T5828] usb 6-1: Manufacturer: syz [ 650.498175][ T5828] usb 6-1: SerialNumber: syz [ 650.913547][ T5828] usb 6-1: 0:2 : does not exist [ 651.323277][ T5828] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 651.351881][ T5828] usb 6-1: USB disconnect, device number 18 [ 651.409407][ T6626] udevd[6626]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 651.714899][T26084] netlink: 'syz.3.9102': attribute type 8 has an invalid length. [ 652.289268][T26111] netlink: 'syz.5.9115': attribute type 2 has an invalid length. [ 652.297505][T26111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9115'. [ 652.519037][ T10] usb 2-1: USB disconnect, device number 126 [ 652.542534][ T10] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 652.766688][ T25] block nbd1: Possible stuck request ffff8880263a0000: control (read@0,1024B). Runtime 120 seconds [ 652.780360][ T25] block nbd1: Possible stuck request ffff8880263a0200: control (read@1024,1024B). Runtime 120 seconds [ 652.791543][ T25] block nbd1: Possible stuck request ffff8880263a0400: control (read@2048,1024B). Runtime 120 seconds [ 652.802980][ T25] block nbd1: Possible stuck request ffff8880263a0600: control (read@3072,1024B). Runtime 120 seconds [ 653.450504][T26143] netlink: 'syz.1.9131': attribute type 2 has an invalid length. [ 653.458459][T26143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9131'. [ 653.826956][ T5917] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 653.978481][ T5917] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 653.988956][ T5917] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 653.998705][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.013151][ T5917] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 654.277427][ T5147] Bluetooth: hci5: command 0x1003 tx timeout [ 654.277519][ T52] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 655.083357][ T5917] stv0680 2-1:4.0: Could not get descriptor 0200 [ 655.292936][ T5917] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 655.317121][ T5917] stv0680 2-1:4.0: last error: 2, command = 0x8 [ 655.336652][ T5917] usb 2-1: USB disconnect, device number 127 [ 655.397337][ T5833] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 656.073360][T26199] input: syz1 as /devices/virtual/input/input67 [ 656.910668][T26235] can0: slcan on ptm0. [ 656.948829][ T52] Bluetooth: hci3: link tx timeout [ 656.956254][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 656.969764][ T52] Bluetooth: hci3: link tx timeout [ 656.974914][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 657.010556][ T52] Bluetooth: hci3: link tx timeout [ 657.015712][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 657.023549][ T52] Bluetooth: hci3: link tx timeout [ 657.028872][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 657.094714][T26251] netlink: 212356 bytes leftover after parsing attributes in process `syz.5.9175'. [ 657.139390][T26242] can0 (unregistered): slcan off ptm0. [ 657.217592][T22635] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 657.270319][ T52] Bluetooth: hci3: link tx timeout [ 657.275474][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 657.283178][ T52] Bluetooth: hci3: link tx timeout [ 657.288338][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 657.331218][ T52] Bluetooth: hci3: link tx timeout [ 657.336395][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 657.344738][ T52] Bluetooth: hci3: link tx timeout [ 657.350623][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 657.364387][ T52] Bluetooth: hci3: link tx timeout [ 657.370024][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 657.378348][ T52] Bluetooth: hci3: link tx timeout [ 657.383477][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 657.397154][T22635] usb 4-1: Using ep0 maxpacket: 8 [ 657.437121][T22635] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 657.463427][T22635] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.497087][T22635] usb 4-1: Product: syz [ 657.501516][T22635] usb 4-1: Manufacturer: syz [ 657.506195][T22635] usb 4-1: SerialNumber: syz [ 657.538623][T22635] usb 4-1: config 0 descriptor?? [ 657.572550][T22635] gspca_main: se401-2.14.0 probing 047d:5003 [ 657.648564][ T30] audit: type=1400 audit(2000000602.254:137): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A2020202030202020313120202020302020202030202020202030202020202020203020202020202020202020300A65727370616E303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020313120202020302020202030202020202030202020202020203020202020202020202020300A69705F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203120202020302020202030202020202030202020202020203120202020202020202020300A6970365F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020313020202031302020202030202020202030202020202020313020202020202020202020300A2020736974303A202020202 [ 658.132103][T22635] usb 4-1: reset high-speed USB device number 121 using dummy_hcd [ 658.280183][ T52] Bluetooth: hci3: link tx timeout [ 658.285423][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 658.294169][ T52] Bluetooth: hci3: link tx timeout [ 658.299838][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 658.446384][ T52] Bluetooth: hci3: link tx timeout [ 658.451978][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 658.460119][ T52] Bluetooth: hci3: link tx timeout [ 658.465247][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 658.501171][ T52] Bluetooth: hci3: link tx timeout [ 658.506453][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 658.516633][ T52] Bluetooth: hci3: link tx timeout [ 658.524474][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 658.877868][T22635] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 658.896158][T22635] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 658.921405][T22635] usb 4-1: USB disconnect, device number 121 [ 658.963457][ T52] Bluetooth: hci3: link tx timeout [ 658.976516][ T52] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 658.986981][ T52] Bluetooth: hci3: link tx timeout [ 658.995767][ T52] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 659.022404][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 659.463546][T26343] binder: 26342:26343 ioctl 400c620e 0 returned -14 [ 661.077117][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 661.442736][T26444] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 661.469230][T13101] Bluetooth: hci5: Frame reassembly failed (-84) [ 661.475873][ T42] Bluetooth: hci5: Frame reassembly failed (-84) [ 661.636351][T26454] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9240'. [ 661.663221][T26454] netlink: 48 bytes leftover after parsing attributes in process `syz.1.9240'. [ 663.304219][T26512] binder: 26511:26512 ioctl 400c620e 0 returned -14 [ 663.480410][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 663.483299][ T52] Bluetooth: hci5: command 0x1003 tx timeout [ 665.075420][T26619] netlink: 140 bytes leftover after parsing attributes in process `syz.1.9307'. [ 665.150836][T26623] loop5: detected capacity change from 0 to 7 [ 665.177139][T22704] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 665.347119][T22704] usb 6-1: Using ep0 maxpacket: 8 [ 665.354268][T22704] usb 6-1: config 1 has an invalid interface number: 96 but max is 0 [ 665.365797][T26623] Dev loop5: unable to read RDB block 7 [ 665.368423][ C0] blk_print_req_error: 5 callbacks suppressed [ 665.368440][ C0] invalid error, dev loop5, sector 0 op 0x1:(WRITE) flags 0x800800 phys_seg 1 prio class 2 [ 665.373712][T26623] loop5: unable to read partition table [ 665.377478][ C0] buffer_io_error: 5 callbacks suppressed [ 665.377493][ C0] Buffer I/O error on dev loop5, logical block 0, lost async page write [ 665.380196][T22704] usb 6-1: config 1 has no interface number 0 [ 665.390499][T26623] loop5: partition table beyond EOD, [ 665.394094][T22704] usb 6-1: config 1 interface 96 has no altsetting 0 [ 665.401438][T26623] truncated [ 665.411454][T22704] usb 6-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=77.d3 [ 665.415076][T26623] loop_reread_partitions: partition scan of loop5 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 665.439101][T22704] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.439128][T22704] usb 6-1: Product: syz [ 665.439144][T22704] usb 6-1: Manufacturer: syz [ 665.439161][T22704] usb 6-1: SerialNumber: syz [ 665.667832][T22704] mdc800 6-1:1.96: probe fails -> wrong Interface [ 665.699306][T22704] usb 6-1: USB disconnect, device number 19 [ 666.565010][T26667] program syz.1.9336 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 666.765304][T26675] netlink: 140 bytes leftover after parsing attributes in process `syz.6.9332'. [ 666.845986][ T6101] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 667.924863][ T1157] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.046640][ T1157] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.160525][ T1157] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.282610][ T1157] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.413501][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 668.423976][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 668.432866][ T52] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 668.446589][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 668.459835][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 668.592426][ T1157] bridge_slave_1: left allmulticast mode [ 668.600313][ T1157] bridge_slave_1: left promiscuous mode [ 668.606829][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state [ 668.618172][ T1157] bridge_slave_0: left allmulticast mode [ 668.623838][ T1157] bridge_slave_0: left promiscuous mode [ 668.630331][ T1157] bridge0: port 1(bridge_slave_0) entered disabled state [ 668.815531][T26730] netlink: 64 bytes leftover after parsing attributes in process `syz.3.9358'. [ 669.072755][ T1157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 669.083890][ T1157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 669.094354][ T1157] bond0 (unregistering): Released all slaves [ 669.640644][T26721] chnl_net:caif_netlink_parms(): no params data found [ 669.709718][ T1157] hsr_slave_0: left promiscuous mode [ 669.716057][ T1157] hsr_slave_1: left promiscuous mode [ 669.725498][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 669.733831][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 669.743618][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 669.751363][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 669.783080][ T1157] veth1_macvtap: left promiscuous mode [ 669.789048][ T1157] veth0_macvtap: left promiscuous mode [ 669.794747][ T1157] veth1_vlan: left promiscuous mode [ 669.800988][ T1157] veth0_vlan: left promiscuous mode [ 669.847568][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 670.017497][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 670.030977][ T10] usb 2-1: config 1 has an invalid interface number: 96 but max is 0 [ 670.046925][ T10] usb 2-1: config 1 has no interface number 0 [ 670.057604][ T10] usb 2-1: config 1 interface 96 has no altsetting 0 [ 670.069430][ T10] usb 2-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=77.d3 [ 670.081281][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.089635][ T10] usb 2-1: Product: syz [ 670.094242][ T10] usb 2-1: Manufacturer: syz [ 670.099465][ T10] usb 2-1: SerialNumber: syz [ 670.347332][ T10] mdc800 2-1:1.96: probe fails -> wrong Interface [ 670.373317][ T10] usb 2-1: USB disconnect, device number 2 [ 670.521859][ T5833] Bluetooth: hci2: command tx timeout [ 670.564743][ T6101] Bluetooth: hci5: Frame reassembly failed (-84) [ 670.585252][T26779] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 670.606480][ T6101] Bluetooth: hci5: Frame reassembly failed (-84) [ 670.824165][ T1157] team0 (unregistering): Port device team_slave_1 removed [ 670.869293][ T1157] team0 (unregistering): Port device team_slave_0 removed [ 671.485956][T26721] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.493887][T26721] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.502075][T26721] bridge_slave_0: entered allmulticast mode [ 671.509970][T26721] bridge_slave_0: entered promiscuous mode [ 671.519322][T26721] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.538312][T26721] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.555120][T26721] bridge_slave_1: entered allmulticast mode [ 671.566573][T26721] bridge_slave_1: entered promiscuous mode [ 671.646518][T26721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.661547][T26721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.770700][T26721] team0: Port device team_slave_0 added [ 671.791960][T26721] team0: Port device team_slave_1 added [ 671.906705][T26809] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 671.922518][T26721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 671.937217][T26721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 671.983845][T26721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 672.051370][T26721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 672.078499][T26721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 672.138248][T26721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 672.322960][T26721] hsr_slave_0: entered promiscuous mode [ 672.333630][T26721] hsr_slave_1: entered promiscuous mode [ 672.353377][T26721] debugfs: 'hsr0' already exists in 'hsr' [ 672.367059][T26721] Cannot create hsr debugfs directory [ 672.597067][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 672.597144][ T52] Bluetooth: hci2: command tx timeout [ 672.603747][ T5147] Bluetooth: hci5: command 0x1003 tx timeout [ 672.648596][T26831] Cache volume key already in use (9p,(null),) [ 672.737389][T26834] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 673.107204][T22635] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 673.278512][T22635] usb 4-1: Using ep0 maxpacket: 16 [ 673.286386][T22635] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 673.317632][T22635] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 673.348739][T22635] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 673.367474][T22635] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 673.397303][T22635] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 673.400778][T26721] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 673.418537][T22635] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 673.440479][T26721] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 673.443827][T22635] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 673.479545][T22635] usb 4-1: Manufacturer: syz [ 673.480894][T26721] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 673.489860][T22635] usb 4-1: config 0 descriptor?? [ 673.515231][T26721] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 673.707927][T26721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 673.737831][T26867] input: syz0 as /devices/virtual/input/input68 [ 673.766698][T26721] 8021q: adding VLAN 0 to HW filter on device team0 [ 673.798988][ T6101] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.806178][ T6101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 673.839937][ T6101] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.847178][ T6101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 673.887302][T22635] rc_core: IR keymap rc-hauppauge not found [ 673.903523][T22635] Registered IR keymap rc-empty [ 673.909773][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 673.937020][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 673.982118][T22635] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 674.016724][T22635] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input69 [ 674.035151][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.057440][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.077781][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.098347][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.126383][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.150890][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.177232][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.207221][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.233883][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.277363][T22635] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 674.306709][T26721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 674.323597][T22635] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 674.334781][T22635] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 674.359099][T22635] usb 4-1: USB disconnect, device number 122 [ 674.677845][ T52] Bluetooth: hci2: command tx timeout [ 674.790660][T26721] veth0_vlan: entered promiscuous mode [ 674.811690][T26721] veth1_vlan: entered promiscuous mode [ 674.856364][T26721] veth0_macvtap: entered promiscuous mode [ 674.868095][T26721] veth1_macvtap: entered promiscuous mode [ 674.906507][T26721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 674.931639][T26721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 674.971840][ T1157] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.990887][ T1157] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 675.025779][ T1157] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 675.062593][ T6101] Bluetooth: hci5: Frame reassembly failed (-84) [ 675.069361][ T1157] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 675.080932][T26908] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 675.150493][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.166986][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.215608][ T2991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.225310][ T2991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.362901][ T6101] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 676.167061][ T5828] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 676.328906][ T5828] usb 6-1: Using ep0 maxpacket: 16 [ 676.343984][ T5828] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 676.356063][ T5828] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 676.369603][ T5828] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 676.379480][ T5828] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 676.390214][ T5828] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 676.404643][ T5828] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 676.413870][ T5828] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 676.422034][ T5828] usb 6-1: Manufacturer: syz [ 676.429810][ T5828] usb 6-1: config 0 descriptor?? [ 676.687099][ T5828] rc_core: IR keymap rc-hauppauge not found [ 676.693041][ T5828] Registered IR keymap rc-empty [ 676.698606][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.727340][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.747853][ T5828] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 676.759595][ T5833] Bluetooth: hci2: command tx timeout [ 676.767313][ T5828] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input70 [ 676.781808][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.817397][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.838471][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.857304][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.877248][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.908565][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.928304][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.947444][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.968215][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 676.987167][ T5828] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 677.009970][ T5828] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 677.019126][ T5828] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 677.077734][ T5833] Bluetooth: hci5: command 0x1003 tx timeout [ 677.084372][ T52] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 677.130609][ T5828] usb 6-1: USB disconnect, device number 20 [ 677.967414][ T5917] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 678.137341][ T5917] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 678.152980][ T5917] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 678.176939][ T5917] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 678.187953][ T5917] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.202702][ T5917] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 678.212392][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 678.221275][ T5917] usb 2-1: Product: syz [ 678.225686][ T5917] usb 2-1: Manufacturer: syz [ 678.248737][ T5917] cdc_wdm 2-1:1.0: skipping garbage [ 678.253991][ T5917] cdc_wdm 2-1:1.0: skipping garbage [ 678.263479][ T5917] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 678.277403][ T5917] cdc_wdm 2-1:1.0: Unknown control protocol [ 678.462978][ C1] cdc_wdm 2-1:1.0: unknown notification 6 received: index 0 len 0 [ 678.657006][ T5917] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 678.676787][T22704] usb 2-1: USB disconnect, device number 3 [ 678.809038][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.820130][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.829978][ T5917] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 678.845890][ T5917] usb 6-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 678.855043][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.865089][ T5917] usb 6-1: config 0 descriptor?? [ 679.129087][T27021] netlink: 'syz.3.9443': attribute type 2 has an invalid length. [ 679.137049][T27021] netlink: 'syz.3.9443': attribute type 1 has an invalid length. [ 679.144827][T27021] netlink: 100 bytes leftover after parsing attributes in process `syz.3.9443'. [ 679.293728][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.320265][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.337270][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.354369][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.366284][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.384462][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.409925][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.418765][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.426184][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.434001][ T5917] betop 0003:11C0:5506.00A2: unknown main item tag 0x0 [ 679.452019][ T5917] betop 0003:11C0:5506.00A2: hidraw0: USB HID v0.01 Device [HID 11c0:5506] on usb-dummy_hcd.5-1/input0 [ 679.483935][ T5917] betop 0003:11C0:5506.00A2: no inputs found [ 679.532713][ T5917] usb 6-1: USB disconnect, device number 21 [ 679.636567][T27032] fido_id[27032]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 680.030820][T27060] netlink: 'syz.3.9461': attribute type 2 has an invalid length. [ 680.131281][ T5828] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 680.289963][ T5828] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 680.298607][ T5828] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 680.310760][ T5828] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 680.320753][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67 [ 680.329357][ T5828] usb 2-1: Product: syz [ 680.334564][ T5828] usb 2-1: Manufacturer: syz [ 680.341969][ T5828] usb 2-1: SerialNumber: syz [ 680.351737][ T5828] usb 2-1: config 0 descriptor?? [ 680.625923][ T50] IPVS: starting estimator thread 0... [ 680.733787][T27088] IPVS: using max 25 ests per chain, 60000 per kthread [ 680.946365][T27100] netlink: 'syz.5.9479': attribute type 9 has an invalid length. [ 680.955802][T27100] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.9479'. [ 681.197398][ T5828] usb 2-1: Firmware version (0.0) predates our first public release. [ 681.220841][ T5828] usb 2-1: Please update to version 0.2 or newer [ 681.306194][T27118] batadv_slave_1: entered promiscuous mode [ 681.320844][T27118] batadv_slave_1: left promiscuous mode [ 681.336214][ T5828] usb 2-1: USB disconnect, device number 4 [ 682.382065][T27168] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9511'. [ 682.502914][T27174] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9512'. [ 682.524003][T27174] netlink: 24 bytes leftover after parsing attributes in process `syz.5.9512'. [ 682.712705][T27183] netlink: 'syz.5.9517': attribute type 12 has an invalid length. [ 682.727046][T27183] netlink: 120 bytes leftover after parsing attributes in process `syz.5.9517'. [ 682.850266][ T25] block nbd1: Possible stuck request ffff8880263a0000: control (read@0,1024B). Runtime 150 seconds [ 682.861202][ T25] block nbd1: Possible stuck request ffff8880263a0200: control (read@1024,1024B). Runtime 150 seconds [ 682.874433][ T25] block nbd1: Possible stuck request ffff8880263a0400: control (read@2048,1024B). Runtime 150 seconds [ 682.885849][ T25] block nbd1: Possible stuck request ffff8880263a0600: control (read@3072,1024B). Runtime 150 seconds [ 683.175800][T27204] netlink: 48 bytes leftover after parsing attributes in process `syz.6.9534'. [ 683.271734][T27208] batadv_slave_1: entered promiscuous mode [ 683.279628][T27208] batadv_slave_1: left promiscuous mode [ 683.752827][T27236] netlink: 60 bytes leftover after parsing attributes in process `syz.3.9542'. [ 683.797714][ T52] Bluetooth: hci2: command tx timeout [ 683.917394][T27073] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 683.948467][T27246] netlink: 'syz.1.9548': attribute type 9 has an invalid length. [ 683.956306][T27246] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.9548'. [ 684.079106][T27073] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 684.108212][T27073] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 684.133189][T27073] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 684.150228][T27073] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.158860][T27073] usb 6-1: Product: syz [ 684.163582][T27073] usb 6-1: Manufacturer: syz [ 684.169281][T27073] usb 6-1: SerialNumber: syz [ 684.175847][T27256] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9552'. [ 684.392956][T27073] usb 6-1: 0:2 : does not exist [ 684.401346][T27073] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 684.422763][T27073] usb 6-1: USB disconnect, device number 22 [ 684.452085][ T6626] udevd[6626]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 684.469559][ T50] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 684.628338][ T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 684.640994][ T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 684.650926][ T50] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 684.664055][ T50] usb 2-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 684.673306][ T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.684069][ T50] usb 2-1: config 0 descriptor?? [ 684.743044][T27260] netlink: 48 bytes leftover after parsing attributes in process `syz.3.9555'. [ 685.110660][ T50] hid_parser_main: 28 callbacks suppressed [ 685.110683][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.136402][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.158534][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.165662][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.173667][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.181445][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.189037][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.199467][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.206367][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.214488][ T50] betop 0003:11C0:5506.00A3: unknown main item tag 0x0 [ 685.229776][ T50] betop 0003:11C0:5506.00A3: hidraw0: USB HID v0.01 Device [HID 11c0:5506] on usb-dummy_hcd.1-1/input0 [ 685.245678][ T50] betop 0003:11C0:5506.00A3: no inputs found [ 685.331828][ T50] usb 2-1: USB disconnect, device number 5 [ 685.405583][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.421736][T27280] fido_id[27280]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 687.743017][T27397] overlayfs: conflicting options: userxattr,metacopy=on [ 687.898462][ T10] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 688.057702][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 688.068748][ T10] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 688.078486][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.103926][ T10] usb 4-1: config 0 descriptor?? [ 688.133001][ T10] as10x_usb: device has been detected [ 688.148393][ T10] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 688.187159][ T10] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 688.218426][ T10] as10x_usb: error during firmware upload part1 [ 688.225361][ T10] Registered device nBox DVB-T Dongle [ 688.361336][T22635] usb 4-1: USB disconnect, device number 123 [ 688.404348][T22635] Unregistered device nBox DVB-T Dongle [ 688.408364][T22635] as10x_usb: device has been disconnected [ 690.134227][T27467] dvmrp1: entered allmulticast mode [ 690.157011][T27467] dvmrp1: left allmulticast mode [ 690.525538][T27488] netlink: 164 bytes leftover after parsing attributes in process `syz.1.9661'. [ 690.770698][T27505] netlink: 1 bytes leftover after parsing attributes in process `syz.1.9676'. [ 690.817094][T11672] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 690.968827][T11672] usb 4-1: Using ep0 maxpacket: 32 [ 690.985754][T11672] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 691.006976][T11672] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.048289][T11672] usb 4-1: config 0 descriptor?? [ 691.261913][T11672] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 691.288700][T11672] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 691.329884][T11672] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 691.347236][T11672] usb 4-1: media controller created [ 691.377480][T11672] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 691.437909][ T50] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 691.620160][ T50] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 691.636760][ T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.652769][ T50] usb 2-1: Product: syz [ 691.658098][ T50] usb 2-1: Manufacturer: syz [ 691.659201][T27526] sctp: Trying to GSO but underlying device doesn't support it. [ 691.662716][ T50] usb 2-1: SerialNumber: syz [ 691.666123][ T50] usb 2-1: config 0 descriptor?? [ 691.691215][ T50] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 006 [ 691.887408][T11672] az6027: usb out operation failed. (-71) [ 691.898199][T11672] stb0899_attach: Driver disabled by Kconfig [ 691.904819][T11672] az6027: no front-end attached [ 691.904819][T11672] [ 691.942580][T11672] az6027: usb out operation failed. (-71) [ 691.954155][T11672] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 691.977947][T11672] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input71 [ 692.000025][T11672] dvb-usb: schedule remote query interval to 400 msecs. [ 692.008527][T11672] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 692.022825][T11672] usb 4-1: USB disconnect, device number 124 [ 692.103380][T11672] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 692.127524][ T50] (null): failure reading functionality [ 692.145946][ T50] i2c i2c-2: connected i2c-tiny-usb device [ 692.207259][T22635] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 692.342632][T11672] usb 2-1: USB disconnect, device number 6 [ 692.377120][T22635] usb 6-1: Using ep0 maxpacket: 32 [ 692.393661][T22635] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 692.403002][T22635] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.415088][T22635] usb 6-1: config 0 descriptor?? [ 692.434450][T22635] as10x_usb: device has been detected [ 692.456427][T22635] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 692.472838][T22635] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 692.492149][T22635] as10x_usb: error during firmware upload part1 [ 692.500114][T22635] Registered device nBox DVB-T Dongle [ 692.673399][T22635] usb 6-1: USB disconnect, device number 23 [ 692.711742][T22635] Unregistered device nBox DVB-T Dongle [ 692.715615][T22635] as10x_usb: device has been disconnected [ 693.153767][T27553] netlink: 1 bytes leftover after parsing attributes in process `syz.3.9690'. [ 693.521116][T27573] netdevsim netdevsim3: Firmware load for 'nel/address_bits0/../file0' refused, path contains '..' component [ 695.587081][T27073] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 695.748684][T27073] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 695.783696][T27073] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.810393][T27073] usb 6-1: config 0 descriptor?? [ 695.832346][T27073] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 696.011829][T27675] netlink: 4 bytes leftover after parsing attributes in process `syz.6.9747'. [ 696.236164][T27073] cpia1 6-1:0.0: unexpected state after lo power cmd: 00 [ 696.288074][T27681] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9750'. [ 696.638517][T27073] gspca_cpia1: usb_control_msg 02, error -71 [ 696.667416][T27073] gspca_cpia1: usb_control_msg 05, error -71 [ 696.673461][T27073] cpia1 6-1:0.0: unexpected systemstate: 00 [ 696.708561][T27073] usb 6-1: USB disconnect, device number 24 [ 697.647054][T11672] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 697.847004][T11672] usb 6-1: Using ep0 maxpacket: 16 [ 697.870569][T11672] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 697.926964][T11672] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 697.976095][T11672] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 698.017937][T11672] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.026022][T11672] usb 6-1: Product: syz [ 698.067621][T11672] usb 6-1: Manufacturer: syz [ 698.086936][T11672] usb 6-1: SerialNumber: syz [ 698.113348][T11672] usb 6-1: config 0 descriptor?? [ 698.165952][T11672] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 698.216595][T11672] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 698.773191][T11672] em28xx 6-1:0.0: chip ID is em28174 [ 698.837743][ T77] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 698.976643][ T50] usb 6-1: USB disconnect, device number 25 [ 699.004050][ T50] em28xx 6-1:0.0: Disconnecting em28xx [ 699.056351][ T50] em28xx 6-1:0.0: Freeing device [ 699.835599][T27712] misc userio: Can't change port type on an already running userio instance [ 700.010705][ T30] audit: type=1326 audit(2000000644.614:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27720 comm="syz.1.9768" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f747958f749 code=0x0 [ 700.195715][T27730] netlink: 48 bytes leftover after parsing attributes in process `syz.6.9774'. [ 700.427648][ T50] hid-generic 0005:10CF:5505.00A4: item fetching failed at offset 0/1 [ 700.436531][ T50] hid-generic 0005:10CF:5505.00A4: probe with driver hid-generic failed with error -22 [ 700.965801][T27773] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 700.982888][T27773] @0: renamed from bond_slave_1 (while UP) [ 701.085359][ T52] Bluetooth: hci1: unexpected event for opcode 0x1001 [ 701.401288][ T30] audit: type=1326 audit(2000000646.004:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27789 comm="syz.5.9800" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5fc658f749 code=0x0 [ 701.488408][T27796] input: syz0 as /devices/virtual/input/input73 [ 701.816135][T27807] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 701.823657][T27807] @0: renamed from bond_slave_1 (while UP) [ 702.001317][T27812] netlink: 'syz.3.9808': attribute type 12 has an invalid length. [ 702.009797][T27812] netlink: 120 bytes leftover after parsing attributes in process `syz.3.9808'. [ 702.317733][T27828] loop9: detected capacity change from 0 to 7 [ 702.336125][T27828] Dev loop9: unable to read RDB block 7 [ 702.345869][T27828] loop9: unable to read partition table [ 702.353755][T27828] loop9: partition table beyond EOD, truncated [ 702.362233][T27828] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 702.428700][T27831] Dev loop9: unable to read RDB block 7 [ 702.434358][T27831] loop9: unable to read partition table [ 702.437276][T27835] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9819'. [ 702.450580][T27831] loop9: partition table beyond EOD, truncated [ 702.483007][T27831] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 702.504101][T27837] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9819'. [ 702.576250][T27840] random: crng reseeded on system resumption [ 702.626496][T27840] Unrecognized hibernate image header format! [ 702.653194][T27840] PM: hibernation: Image mismatch: architecture specific data [ 702.754994][T27844] can0: slcan on ptm0. [ 702.857156][T27843] can0 (unregistered): slcan off ptm0. [ 703.287002][ T5887] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 703.349054][T27875] netlink: 20 bytes leftover after parsing attributes in process `syz.6.9833'. [ 703.431771][T27879] netlink: 20 bytes leftover after parsing attributes in process `syz.6.9833'. [ 703.455897][T27881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9835'. [ 703.476685][ T5887] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 703.499558][T27881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.9835'. [ 703.510973][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.546565][ T5887] usb 4-1: config 0 descriptor?? [ 703.571905][ T5887] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 703.665516][T27888] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 703.692966][T27890] misc userio: Can't change port type on an already running userio instance [ 703.976073][ T5887] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 704.015687][T27906] input: syz0 as /devices/virtual/input/input75 [ 704.380044][ T5887] gspca_cpia1: usb_control_msg 02, error -71 [ 704.400321][ T5887] gspca_cpia1: usb_control_msg 05, error -71 [ 704.414292][ T5887] cpia1 4-1:0.0: unexpected systemstate: 00 [ 704.422886][T27925] random: crng reseeded on system resumption [ 704.434950][ T5887] usb 4-1: USB disconnect, device number 125 [ 704.459604][T27925] Unrecognized hibernate image header format! [ 704.470057][T27925] PM: hibernation: Image mismatch: architecture specific data [ 704.822493][ T30] audit: type=1326 audit(2000000649.424:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 704.877994][ T30] audit: type=1326 audit(2000000649.424:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 704.923085][ T30] audit: type=1326 audit(2000000649.424:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 704.954492][ T30] audit: type=1326 audit(2000000649.424:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 704.979371][ T30] audit: type=1326 audit(2000000649.424:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.027315][ T30] audit: type=1326 audit(2000000649.424:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.104455][T27943] can0: slcan on ptm0. [ 705.129864][ T30] audit: type=1326 audit(2000000649.424:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.169371][ T30] audit: type=1326 audit(2000000649.424:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.223711][ T30] audit: type=1326 audit(2000000649.424:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.249548][ T30] audit: type=1326 audit(2000000649.424:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.280860][T27942] can0 (unregistered): slcan off ptm0. [ 705.332106][ T30] audit: type=1326 audit(2000000649.424:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.363270][ T30] audit: type=1326 audit(2000000649.424:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.392324][ T30] audit: type=1326 audit(2000000649.424:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.439208][ T30] audit: type=1326 audit(2000000649.424:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 705.579348][ T30] audit: type=1326 audit(2000000649.424:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27902 comm="syz.1.9843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f747958f749 code=0x7fc00000 [ 706.287719][ T4444] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 707.797573][ T31] INFO: task syz.4.7818:23199 blocked for more than 143 seconds. [ 707.806697][ T31] Tainted: G L syzkaller #0 [ 707.816838][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 707.828023][ T31] task:syz.4.7818 state:D stack:23840 pid:23199 tgid:23198 ppid:11768 task_flags:0x400040 flags:0x00080002 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 707.847918][ T31] Call Trace: [ 707.857835][ T31] [ 707.860822][ T31] __schedule+0x150e/0x5070 [ 707.877318][ T31] ? __pfx___schedule+0x10/0x10 [ 707.895840][ T31] ? schedule+0x91/0x360 [ 707.911343][ T31] schedule+0x165/0x360 [ 707.915563][ T31] io_schedule+0x80/0xd0 [ 707.957110][ T31] folio_wait_bit_common+0x6b0/0xb80 [ 707.977831][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 707.983941][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 708.010766][ T31] ? __pfx_compaction_alloc+0x10/0x10 [ 708.016207][ T31] ? migrate_pages_batch+0x108c/0x35e0 [ 708.026048][ T31] migrate_pages_batch+0x14cd/0x35e0 [ 708.038299][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 708.043883][ T31] ? __pfx_compaction_alloc+0x10/0x10 [ 708.049722][ T31] ? __pfx_compaction_free+0x10/0x10 [ 708.055034][ T31] ? mod_memcg_lruvec_state+0x1b8/0x320 [ 708.064390][ T31] ? __pfx_migrate_pages_batch+0x10/0x10 [ 708.073989][ T31] ? css_rstat_updated+0x239/0x520 [ 708.086992][ T31] ? __pfx_css_rstat_updated+0x10/0x10 [ 708.092538][ T31] migrate_pages+0x2006/0x28e0 [ 708.107986][ T31] ? __pfx_compaction_free+0x10/0x10 [ 708.113337][ T31] ? __pfx_compaction_alloc+0x10/0x10 [ 708.121029][ T31] ? __pfx___might_resched+0x10/0x10 [ 708.126374][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 708.133288][ T31] ? __pfx_migrate_pages+0x10/0x10 [ 708.138769][ T31] ? rcu_is_watching+0x15/0xb0 [ 708.143564][ T31] ? isolate_migratepages_block+0x393f/0x4140 [ 708.150203][ T31] compact_zone+0x25ba/0x4760 [ 708.154972][ T31] ? __pfx_compact_zone+0x10/0x10 [ 708.160747][ T31] ? __debug_object_init+0x78/0x4b0 [ 708.165990][ T31] sysctl_compaction_handler+0x3a1/0x7b0 [ 708.172263][ T31] ? __pfx_sysctl_compaction_handler+0x10/0x10 [ 708.179990][ T31] ? trace_kmalloc+0x1f/0xb0 [ 708.184611][ T31] ? __kvmalloc_node_noprof+0x5f5/0x920 [ 708.191395][ T31] proc_sys_call_handler+0x4cb/0x700 [ 708.196727][ T31] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 708.203140][ T31] ? __asan_memset+0x22/0x50 [ 708.208155][ T31] iter_file_splice_write+0x972/0x10b0 [ 708.213677][ T31] ? __pfx_iter_file_splice_write+0x10/0x10 [ 708.220362][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 708.225951][ T31] ? __pfx_iter_file_splice_write+0x10/0x10 [ 708.232291][ T31] direct_splice_actor+0x101/0x160 [ 708.238397][ T31] splice_direct_to_actor+0x5a8/0xcc0 [ 708.243831][ T31] ? __pfx_direct_splice_actor+0x10/0x10 [ 708.250009][ T31] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 708.255936][ T31] do_splice_direct+0x181/0x270 [ 708.261282][ T31] ? __pfx_do_splice_direct+0x10/0x10 [ 708.266765][ T31] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 708.273121][ T31] ? rw_verify_area+0x255/0x4d0 [ 708.278451][ T31] do_sendfile+0x4da/0x7e0 [ 708.282893][ T31] ? __pfx_do_sendfile+0x10/0x10 [ 708.288534][ T31] __se_sys_sendfile64+0xd9/0x190 [ 708.293611][ T31] ? __pfx___se_sys_futex+0x10/0x10 [ 708.299900][ T31] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 708.305574][ T31] ? do_syscall_64+0xbe/0xf80 [ 708.311289][ T31] do_syscall_64+0xfa/0xf80 [ 708.315839][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.322379][ T31] ? clear_bhb_loop+0x60/0xb0 [ 708.327419][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.333341][ T31] RIP: 0033:0x7f67bb38f749 [ 708.338628][ T31] RSP: 002b:00007f67bc28a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 708.347345][ T31] RAX: ffffffffffffffda RBX: 00007f67bb5e5fa0 RCX: 00007f67bb38f749 [ 708.355335][ T31] RDX: 0000200000000180 RSI: 0000000000000003 RDI: 0000000000000004 [ 708.374218][ T31] RBP: 00007f67bb413f91 R08: 0000000000000000 R09: 0000000000000000 [ 708.382593][ T31] R10: 00000000003fffff R11: 0000000000000246 R12: 0000000000000000 [ 708.397005][ T31] R13: 00007f67bb5e6038 R14: 00007f67bb5e5fa0 R15: 00007ffd6a39c898 [ 708.405048][ T31] [ 708.409919][ T31] [ 708.409919][ T31] Showing all locks held in the system: [ 708.428411][ T31] 1 lock held by khungtaskd/31: [ 708.433383][ T31] #0: ffffffff8e33f8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 708.466945][ T31] 2 locks held by kworker/u8:10/3437: [ 708.472416][ T31] #0: ffff88801c387148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 [ 708.484010][ T31] #1: ffffc9000bf37b80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 [ 708.497747][ T31] 2 locks held by getty/5580: [ 708.502443][ T31] #0: ffff88814d6650a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 708.512670][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x449/0x1460 [ 708.523544][ T31] 3 locks held by kworker/1:3/5887: [ 708.529171][ T31] #0: ffff88813fe55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x841/0x15a0 [ 708.545492][ T31] #1: ffffc9000424fb80 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x868/0x15a0 [ 708.556506][ T31] #2: ffffffff8e3453f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 708.568514][ T31] 1 lock held by udevd/21460: [ 708.573209][ T31] #0: ffff8880262b3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 708.584441][ T31] 3 locks held by kworker/1:4/22636: [ 708.590026][ T31] 1 lock held by syz.4.7818/23199: [ 708.595348][ T31] #0: ffff88806e90a420 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 708.627104][ T31] 1 lock held by syz.6.9020/25878: [ 708.632372][ T31] [ 708.634702][ T31] ============================================= [ 708.634702][ T31] [ 708.696983][ T31] NMI backtrace for cpu 0 [ 708.697020][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 708.697048][ T31] Tainted: [L]=SOFTLOCKUP [ 708.697055][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 708.697068][ T31] Call Trace: [ 708.697077][ T31] [ 708.697085][ T31] dump_stack_lvl+0x189/0x250 [ 708.697113][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 708.697134][ T31] ? __pfx__printk+0x10/0x10 [ 708.697173][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 708.697197][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 708.697222][ T31] ? __pfx__printk+0x10/0x10 [ 708.697255][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 708.697284][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 708.697310][ T31] sys_info+0x135/0x170 [ 708.697327][ T31] watchdog+0xe40/0xe90 [ 708.697357][ T31] ? watchdog+0x202/0xe90 [ 708.697390][ T31] kthread+0x711/0x8a0 [ 708.697416][ T31] ? __pfx_watchdog+0x10/0x10 [ 708.697437][ T31] ? __pfx_kthread+0x10/0x10 [ 708.697458][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 708.697481][ T31] ? lockdep_hardirqs_on+0x98/0x140 [ 708.697505][ T31] ? __pfx_kthread+0x10/0x10 [ 708.697527][ T31] ret_from_fork+0x599/0xb30 [ 708.697555][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 708.697590][ T31] ? __switch_to_asm+0x39/0x70 [ 708.697610][ T31] ? __switch_to_asm+0x33/0x70 [ 708.697629][ T31] ? __pfx_kthread+0x10/0x10 [ 708.697651][ T31] ret_from_fork_asm+0x1a/0x30 [ 708.697688][ T31] [ 708.697891][ T31] Sending NMI from CPU 0 to CPUs 1: [ 708.855694][ C1] NMI backtrace for cpu 1 [ 708.855715][ C1] CPU: 1 UID: 0 PID: 25878 Comm: syz.6.9020 Tainted: G L syzkaller #0 PREEMPT(full) [ 708.855739][ C1] Tainted: [L]=SOFTLOCKUP [ 708.855746][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 708.855757][ C1] RIP: 0010:check_preemption_disabled+0x40/0x120 [ 708.855790][ C1] Code: 08 65 8b 05 c6 41 5d 07 65 8b 0d bb 41 5d 07 f7 c1 ff ff ff 7f 74 23 65 48 8b 0d 9b 41 5d 07 48 3b 4c 24 08 0f 85 cc 00 00 00 <48> 83 c4 10 5b 41 5e 41 5f 5d e9 81 cd 02 00 cc 48 c7 04 24 00 00 [ 708.855806][ C1] RSP: 0018:ffffc9000b687458 EFLAGS: 00000246 [ 708.855822][ C1] RAX: 0000000000000001 RBX: ffffffff90584901 RCX: ecaee8962db51e00 [ 708.855835][ C1] RDX: ffffc9000b687601 RSI: ffffffff8be243c0 RDI: ffffffff8be24380 [ 708.855849][ C1] RBP: dffffc0000000000 R08: ffffc9000b687c60 R09: 0000000000000000 [ 708.855862][ C1] R10: ffffc9000b687638 R11: fffff520016d0ec9 R12: ffffc9000b687c70 [ 708.855876][ C1] R13: ffffffff81746f85 R14: ffffffff8e33f8a0 R15: ffffffff81746f85 [ 708.855889][ C1] FS: 0000000000000000(0000) GS:ffff888125ae1000(0000) knlGS:0000000000000000 [ 708.855904][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 708.855916][ C1] CR2: 0000200000000140 CR3: 000000000e138000 CR4: 00000000003526f0 [ 708.855932][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 708.855943][ C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 708.855955][ C1] Call Trace: [ 708.855962][ C1] [ 708.855971][ C1] ? unwind_next_frame+0xa5/0x23d0 [ 708.855989][ C1] rcu_is_watching+0x15/0xb0 [ 708.856008][ C1] ? unwind_next_frame+0xa5/0x23d0 [ 708.856024][ C1] lock_release+0x4b/0x3b0 [ 708.856049][ C1] ? deref_stack_reg+0x19f/0x230 [ 708.856067][ C1] ? unwind_next_frame+0xa5/0x23d0 [ 708.856083][ C1] unwind_next_frame+0x1ab1/0x23d0 [ 708.856103][ C1] ? unwind_next_frame+0xa5/0x23d0 [ 708.856119][ C1] ? do_group_exit+0x21c/0x2d0 [ 708.856141][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 708.856166][ C1] arch_stack_walk+0x11c/0x150 [ 708.856185][ C1] ? get_signal+0x1285/0x1340 [ 708.856210][ C1] stack_trace_save+0x9c/0xe0 [ 708.856232][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 708.856260][ C1] save_stack+0xf5/0x1f0 [ 708.856285][ C1] ? __pfx_save_stack+0x10/0x10 [ 708.856308][ C1] ? __free_frozen_pages+0xbc8/0xd30 [ 708.856332][ C1] ? vfree+0x25a/0x400 [ 708.856352][ C1] ? kcov_close+0x28/0x50 [ 708.856371][ C1] ? __fput+0x44c/0xa70 [ 708.856389][ C1] ? task_work_run+0x1d4/0x260 [ 708.856408][ C1] ? do_exit+0x6c5/0x2310 [ 708.856425][ C1] ? do_group_exit+0x21c/0x2d0 [ 708.856453][ C1] __reset_page_owner+0x71/0x1f0 [ 708.856479][ C1] __free_frozen_pages+0xbc8/0xd30 [ 708.856508][ C1] vfree+0x25a/0x400 [ 708.856546][ C1] ? __pfx_kcov_close+0x10/0x10 [ 708.856566][ C1] kcov_close+0x28/0x50 [ 708.856584][ C1] __fput+0x44c/0xa70 [ 708.856609][ C1] task_work_run+0x1d4/0x260 [ 708.856635][ C1] ? __pfx_task_work_run+0x10/0x10 [ 708.856656][ C1] ? kmem_cache_free+0x197/0x620 [ 708.856681][ C1] ? do_exit+0x6c0/0x2310 [ 708.856702][ C1] do_exit+0x6c5/0x2310 [ 708.856723][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 708.856743][ C1] ? do_raw_spin_lock+0x121/0x290 [ 708.856764][ C1] ? __pfx_do_exit+0x10/0x10 [ 708.856791][ C1] do_group_exit+0x21c/0x2d0 [ 708.856810][ C1] ? lockdep_hardirqs_on+0x98/0x140 [ 708.856834][ C1] get_signal+0x1285/0x1340 [ 708.856869][ C1] arch_do_signal_or_restart+0x9a/0x7a0 [ 708.856889][ C1] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 708.856909][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 708.856936][ C1] ? exit_to_user_mode_loop+0x55/0x4f0 [ 708.856963][ C1] exit_to_user_mode_loop+0x87/0x4f0 [ 708.856987][ C1] ? rcu_is_watching+0x15/0xb0 [ 708.857008][ C1] do_syscall_64+0x2d0/0xf80 [ 708.857032][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.857049][ C1] ? clear_bhb_loop+0x60/0xb0 [ 708.857069][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.857087][ C1] RIP: f0df:0x9ade3b5fcbc7f515 [ 708.857101][ C1] Code: Unable to access opcode bytes at 0x9ade3b5fcbc7f4eb. [ 708.857111][ C1] RSP: 000b:ef1a4a14bea5489e EFLAGS: 00050f47 ORIG_RAX: 28f5d0669e63ef2d [ 708.857129][ C1] RAX: b4479265aea11ea0 RBX: c4d7cfc1cfb8fa39 RCX: d58af6dd852ac5bf [ 708.857143][ C1] RDX: 8d6f5a4031d65101 RSI: ff4dd0ac2272ad10 RDI: 826f04d17a53db6c [ 708.857156][ C1] RBP: 7a62a17fc0673791 R08: a9b7dd6a329c7eb9 R09: 3611b8ee2ae2943c [ 708.857170][ C1] R10: 2e5d0286e8a92051 R11: 42c1d6567a18f68c R12: 3e91493a4aeb0fdd [ 708.857183][ C1] R13: 21068466b382b223 R14: 0395461d403a0691 R15: f6eee41c95dd6d7b [ 708.857206][ C1] [ 709.502711][T27744] ================================================================== [ 709.510828][T27744] BUG: KASAN: use-after-free in __mutex_lock+0x801/0x1350 [ 709.517964][T27744] Read of size 8 at addr ffff88805da9c0a8 by task khidpd_10cf5505/27744 [ 709.526295][T27744] [ 709.528633][T27744] CPU: 1 UID: 0 PID: 27744 Comm: khidpd_10cf5505 Tainted: G L syzkaller #0 PREEMPT(full) [ 709.528660][T27744] Tainted: [L]=SOFTLOCKUP [ 709.528666][T27744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 709.528677][T27744] Call Trace: [ 709.528684][T27744] [ 709.528692][T27744] dump_stack_lvl+0x189/0x250 [ 709.528711][T27744] ? __kasan_check_byte+0x12/0x40 [ 709.528730][T27744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 709.528748][T27744] ? lock_release+0x4b/0x3b0 [ 709.528776][T27744] ? __virt_addr_valid+0x4a5/0x5c0 [ 709.528797][T27744] print_report+0xca/0x240 [ 709.528816][T27744] ? __mutex_lock+0x801/0x1350 [ 709.528840][T27744] kasan_report+0x118/0x150 [ 709.528861][T27744] ? __mutex_lock+0x801/0x1350 [ 709.528891][T27744] __mutex_lock+0x801/0x1350 [ 709.528920][T27744] ? __mutex_lock+0x5bb/0x1350 [ 709.528949][T27744] ? l2cap_unregister_user+0x6a/0x1b0 [ 709.528978][T27744] ? __pfx___mutex_lock+0x10/0x10 [ 709.529005][T27744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 709.529037][T27744] l2cap_unregister_user+0x6a/0x1b0 [ 709.529067][T27744] hidp_session_thread+0x3a1/0x420 [ 709.529086][T27744] ? __pfx_hidp_session_thread+0x10/0x10 [ 709.529103][T27744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 709.529127][T27744] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 709.529149][T27744] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 709.529169][T27744] ? __kthread_parkme+0x7b/0x200 [ 709.529186][T27744] ? __kthread_parkme+0x1a1/0x200 [ 709.529206][T27744] kthread+0x711/0x8a0 [ 709.529228][T27744] ? __pfx_hidp_session_thread+0x10/0x10 [ 709.529246][T27744] ? __pfx_kthread+0x10/0x10 [ 709.529267][T27744] ? _raw_spin_unlock_irq+0x23/0x50 [ 709.529290][T27744] ? lockdep_hardirqs_on+0x98/0x140 [ 709.529315][T27744] ? __pfx_kthread+0x10/0x10 [ 709.529335][T27744] ret_from_fork+0x599/0xb30 [ 709.529362][T27744] ? __pfx_ret_from_fork+0x10/0x10 [ 709.529393][T27744] ? __switch_to_asm+0x39/0x70 [ 709.529413][T27744] ? __switch_to_asm+0x33/0x70 [ 709.529434][T27744] ? __pfx_kthread+0x10/0x10 [ 709.529455][T27744] ret_from_fork_asm+0x1a/0x30 [ 709.529484][T27744] [ 709.529492][T27744] [ 709.736623][T27744] The buggy address belongs to the physical page: [ 709.743032][T27744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5da9c [ 709.751785][T27744] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 709.758893][T27744] raw: 00fff00000000000 ffffea0001ad8a08 ffff8880b8740e40 0000000000000000 [ 709.767464][T27744] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 709.776028][T27744] page dumped because: kasan: bad access detected [ 709.782420][T27744] page_owner tracks the page as freed [ 709.787772][T27744] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 26721, tgid 26721 (syz-executor), ts 668393200766, free_ts 709502480803 [ 709.805995][T27744] post_alloc_hook+0x234/0x290 [ 709.810755][T27744] get_page_from_freelist+0x2365/0x2440 [ 709.816289][T27744] __alloc_frozen_pages_noprof+0x181/0x370 [ 709.822078][T27744] alloc_pages_mpol+0x232/0x4a0 [ 709.826920][T27744] ___kmalloc_large_node+0x4e/0x150 [ 709.832117][T27744] __kmalloc_large_node_noprof+0x18/0x90 [ 709.837740][T27744] __kmalloc_noprof+0x4c9/0x800 [ 709.842583][T27744] hci_alloc_dev_priv+0x28/0x2060 [ 709.847946][T27744] vhci_create_device+0x120/0x650 [ 709.852955][T27744] vhci_write+0x3ce/0x4a0 [ 709.857267][T27744] vfs_write+0x5c9/0xb30 [ 709.861502][T27744] ksys_write+0x145/0x250 [ 709.865823][T27744] do_syscall_64+0xfa/0xf80 [ 709.870316][T27744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.876204][T27744] page last free pid 28066 tgid 28066 stack trace: [ 709.882687][T27744] __free_frozen_pages+0xbc8/0xd30 [ 709.887796][T27744] bt_host_release+0x82/0x90 [ 709.892380][T27744] device_release+0x9e/0x1d0 [ 709.896957][T27744] kobject_put+0x228/0x570 [ 709.901365][T27744] vhci_release+0x15a/0x1a0 [ 709.905942][T27744] __fput+0x44c/0xa70 [ 709.909917][T27744] task_work_run+0x1d4/0x260 [ 709.914498][T27744] do_exit+0x6c5/0x2310 [ 709.918657][T27744] do_group_exit+0x21c/0x2d0 [ 709.923235][T27744] get_signal+0x1285/0x1340 [ 709.927732][T27744] arch_do_signal_or_restart+0x9a/0x7a0 [ 709.933271][T27744] exit_to_user_mode_loop+0x87/0x4f0 [ 709.938551][T27744] do_syscall_64+0x2d0/0xf80 [ 709.943135][T27744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.949014][T27744] [ 709.951320][T27744] Memory state around the buggy address: [ 709.956934][T27744] ffff88805da9bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 709.965082][T27744] ffff88805da9c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 709.973129][T27744] >ffff88805da9c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 709.981174][T27744] ^ [ 709.986533][T27744] ffff88805da9c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 709.994577][T27744] ffff88805da9c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 710.002618][T27744] ================================================================== [ 710.011886][T27744] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 710.019099][T27744] CPU: 1 UID: 0 PID: 27744 Comm: khidpd_10cf5505 Tainted: G L syzkaller #0 PREEMPT(full) [ 710.030478][T27744] Tainted: [L]=SOFTLOCKUP [ 710.034801][T27744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 710.044859][T27744] Call Trace: [ 710.048146][T27744] [ 710.051078][T27744] dump_stack_lvl+0x99/0x250 [ 710.055677][T27744] ? __asan_memcpy+0x40/0x70 [ 710.060282][T27744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 710.065489][T27744] ? __pfx__printk+0x10/0x10 [ 710.070090][T27744] vpanic+0x237/0x6d0 [ 710.074085][T27744] ? __pfx_vpanic+0x10/0x10 [ 710.078585][T27744] panic+0xb9/0xc0 [ 710.082301][T27744] ? __pfx_panic+0x10/0x10 [ 710.086707][T27744] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 710.092595][T27744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 710.098488][T27744] ? __mutex_lock+0x801/0x1350 [ 710.103340][T27744] check_panic_on_warn+0x89/0xb0 [ 710.108275][T27744] ? __mutex_lock+0x801/0x1350 [ 710.113032][T27744] end_report+0x6f/0x140 [ 710.117264][T27744] kasan_report+0x129/0x150 [ 710.121759][T27744] ? __mutex_lock+0x801/0x1350 [ 710.126525][T27744] __mutex_lock+0x801/0x1350 [ 710.131119][T27744] ? __mutex_lock+0x5bb/0x1350 [ 710.135890][T27744] ? l2cap_unregister_user+0x6a/0x1b0 [ 710.141347][T27744] ? __pfx___mutex_lock+0x10/0x10 [ 710.146626][T27744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 710.152519][T27744] l2cap_unregister_user+0x6a/0x1b0 [ 710.157713][T27744] hidp_session_thread+0x3a1/0x420 [ 710.162814][T27744] ? __pfx_hidp_session_thread+0x10/0x10 [ 710.168430][T27744] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 710.174321][T27744] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 710.180561][T27744] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 710.186797][T27744] ? __kthread_parkme+0x7b/0x200 [ 710.191743][T27744] ? __kthread_parkme+0x1a1/0x200 [ 710.196765][T27744] kthread+0x711/0x8a0 [ 710.200829][T27744] ? __pfx_hidp_session_thread+0x10/0x10 [ 710.206461][T27744] ? __pfx_kthread+0x10/0x10 [ 710.211051][T27744] ? _raw_spin_unlock_irq+0x23/0x50 [ 710.216248][T27744] ? lockdep_hardirqs_on+0x98/0x140 [ 710.221438][T27744] ? __pfx_kthread+0x10/0x10 [ 710.226025][T27744] ret_from_fork+0x599/0xb30 [ 710.230612][T27744] ? __pfx_ret_from_fork+0x10/0x10 [ 710.235722][T27744] ? __switch_to_asm+0x39/0x70 [ 710.240479][T27744] ? __switch_to_asm+0x33/0x70 [ 710.245244][T27744] ? __pfx_kthread+0x10/0x10 [ 710.249914][T27744] ret_from_fork_asm+0x1a/0x30 [ 710.254675][T27744] [ 710.257870][T27744] Kernel Offset: disabled [ 710.262208][T27744] Rebooting in 86400 seconds..