last executing test programs: 1m9.982271343s ago: executing program 1 (id=684): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x842, 0x20) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) syslog(0x3, &(0x7f0000000240)=""/145, 0x91) 1m9.605245614s ago: executing program 1 (id=693): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x34, r1, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}, [@NLBL_UNLABEL_A_IPV4ADDR={0x5, 0x4, @private}, @NLBL_UNLABEL_A_IPV4MASK={0x5, 0x5, @multicast1=0xe0000002}, @NLBL_UNLABEL_A_SECCTX={0xf, 0x7, 'unconfined\x00'}]}, 0x34}, 0x2, 0x34005}, 0x0) 1m9.348681253s ago: executing program 1 (id=698): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x38, r1, 0x1, 0x70bd2c, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x80}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0xb3}}, 0x810) 1m9.166056733s ago: executing program 1 (id=701): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x10, &(0x7f0000000080)={&(0x7f0000000100)={0x5, 0x400, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x0, 0x1}, 0x1, @can={{0x0, 0x0, 0x1}, 0x0, 0x2, 0x0, 0x0, "8d416cfa6fc2313e"}}, 0x48}}, 0x0) 1m8.867902881s ago: executing program 1 (id=708): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={0x0, 0xe}}, 0x4) 1m8.701365699s ago: executing program 1 (id=712): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) ioctl$TCFLSH(r0, 0x8926, 0x4000000000000) 1m4.420899401s ago: executing program 2 (id=724): timerfd_create(0x0, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000140), 0xc00, 0x0) pselect6(0x40, &(0x7f0000000480)={0x5, 0xb, 0x8000000000000001, 0x5, 0x366f, 0x6ae1, 0x3, 0x2}, &(0x7f0000000300)={0x19, 0x7fffffffffffffff, 0x8c, 0x8, 0xe1, 0x80000001, 0x4, 0x1}, 0x0, 0x0, 0x0) 1m4.420655199s ago: executing program 2 (id=725): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0904000000000000000002000000540004803c0001800e000100696d6d656469617465000000280002801c0002801800028008000180fffffffbf900020073797a32000000000800014000000000140001800c000100636f756e74657200040002800900010073797a30000000000900020073797a32"], 0xbc}}, 0x0) 1m0.567154492s ago: executing program 3 (id=735): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x13}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) 57.657058316s ago: executing program 2 (id=740): r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r0, &(0x7f0000000380)={{0x3, @default, 0x1}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) connect$ax25(r0, &(0x7f00000001c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48) 57.656733031s ago: executing program 2 (id=741): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1c, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x4000080) 57.656243258s ago: executing program 2 (id=742): r0 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x3, 0x5, 0x1, 0x0, 0x2}) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x7, @win={{0x10, 0xd1, 0x4, 0x81}, 0x0, 0x8001, 0x0, 0x7754, 0x0, 0x6}}) 57.655819996s ago: executing program 2 (id=743): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r0, 0x89f2, &(0x7f00000000c0)={0x4, 0x0, 0xc5, 0x81, 0x0, "5dee000000594000"}) 53.389406943s ago: executing program 32 (id=712): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) ioctl$TCFLSH(r0, 0x8926, 0x4000000000000) 51.124497811s ago: executing program 3 (id=749): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x0) 50.929382844s ago: executing program 3 (id=750): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000340), 0x20000, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000380)={0x0, 0x0, 0x0, 0xc, 0x0, 0xd0}) 50.875566022s ago: executing program 3 (id=751): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40084}, 0x0) 47.048949287s ago: executing program 3 (id=754): r0 = syz_io_uring_setup(0x239, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f00000002c0)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd=r0, 0xfffffffffffffffd}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 46.825875455s ago: executing program 3 (id=756): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x7) ioctl$KDDELIO(r0, 0x5433, 0xfffffffffffffff9) 42.913169751s ago: executing program 33 (id=743): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(r0, 0x89f2, &(0x7f00000000c0)={0x4, 0x0, 0xc5, 0x81, 0x0, "5dee000000594000"}) 33.61401018s ago: executing program 4 (id=773): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) 31.546288574s ago: executing program 34 (id=756): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x7) ioctl$KDDELIO(r0, 0x5433, 0xfffffffffffffff9) 31.517639124s ago: executing program 4 (id=776): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) write$FUSE_NOTIFY_RESEND(r0, &(0x7f0000002080)={0x14}, 0x14) 31.17572641s ago: executing program 4 (id=777): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee1, 0x11, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) 30.966731072s ago: executing program 4 (id=778): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000000104010400000000398f0000000000000500010001"], 0x1c}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0xa}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0xcc016}, 0x194) 29.399128291s ago: executing program 4 (id=779): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000a, 0x11, r0, 0x100000000) 29.398744702s ago: executing program 4 (id=780): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, 0x0, 0xfdef) 17.976978422s ago: executing program 0 (id=782): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 16.443768945s ago: executing program 0 (id=783): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x8, 0x3032, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, 0x3}, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000d40)="448dc96ded460baac8ed74c26fc30a41a8273b6a428b0ef1e356732a1b05734807229baa3c68080252d0ae4860348385b9491def647fbeadc5819cf7630942149c5a535bd760456dd6eb0b02c57a6b73e186e796ce8ed63ec621acfb6580990b7e7aa0d7bb5c3771546a1a2e1f8cc9ccc887ca210e83eda60369dde79b316ede125d9f64f6373284b1beffaad49392d9a103f0d1af1bb5c2eb0b3746d760aeaf952aabaa357aecdcfd54fa4fbed577c835c5fd03c66aa069c45b5e340f3f55168b306e41a8996eff2b63713b459d61b8f53aafd2989b781302f1c6b74395da83d92c9c0b0b44a0a8e3b2b9f7aa0a637b4027c1f2a21e0446bd58c2a09cfe34d00f2598dcd1a8228f21d79356d984dd1e36fd4d184cab99acbcf06bc1e046818bfcd99fa79b83eb70ca4568b46a09202a26dbce9425bd1dc99bed379be2a45e83cfe8ab6b14de8c758e264eb820b4ac0c7a7559b84ac9a88a95f4feafc940772640f18aa6b7435b2b7b4f15dcd6e9a46c8a652228ed1d6e037ee75ce94254a32289f72bf46457b2b86fe0fe05de292e76552da81cd37cafca4419754b1f0955c0d4ccfb2f170d823f6841d1e96a1d856ad954151e1c13945521f40e246bd0c825876a7acb56e9d74304be5b9380e53669394dc8d1f7c74803341a805c5deaa6846340c4d0e74fb8cab108591ad74f60f50ba0e996d2abd0b1b1fa64e28880547f5f1796b34d43e86b25e94a529944e99f5af04ebfe36e05336884af92932ef45707b436a4f90a9c0b4318ce89760a4d4e0757b9af050a8a5e19c20ae8fce8e683ea9950be4418f6db6ae39300d49631b5ea1bed5d98747060f6085548628f31f19a44e347fe5573707709b76d72d3821f4e7b5ccd32c5353e82ee7931e14931ac8f26105f91f520c0d42c2fbd1ec5da5d6ca6e69074230578390bd8620e213dcad1a9887f7d19e985b6501c3ac58a7d3747bc63cabdee4b4961153d376a042803e57a", 0x2c2}], 0x1}}], 0x2, 0xc84) 16.278893334s ago: executing program 0 (id=784): r0 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x8, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000880)=""/143, 0xffffffffffffff57}], 0x2}, 0x0, 0x40002101}) io_uring_enter(r0, 0x46f3, 0x0, 0x0, 0x0, 0x0) 16.153205654s ago: executing program 0 (id=785): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014) 15.499379323s ago: executing program 35 (id=780): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, 0x0, 0xfdef) 15.305175745s ago: executing program 0 (id=787): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x24, r1, 0x917, 0x70bd2b, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfeffffff}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x24}}, 0x8094) 15.151730024s ago: executing program 0 (id=788): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_PIT(r1, 0xc048ae65, 0x0) 0s ago: executing program 36 (id=788): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_PIT(r1, 0xc048ae65, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.78' (ED25519) to the list of known hosts. [ 81.648878][ T5823] cgroup: Unknown subsys name 'net' [ 81.910589][ T5823] cgroup: Unknown subsys name 'cpuset' [ 81.986756][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.625317][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.830614][ T990] cfg80211: failed to load regulatory.db [ 87.948693][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.959047][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.977339][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.978536][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.980908][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.981474][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.983836][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.985680][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.985853][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.987369][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.987821][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.992828][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.998764][ T5859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.001348][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.002194][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.003651][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.003920][ T5860] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.016548][ T5861] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.022130][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.027964][ T5861] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.046169][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.066699][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.071245][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.071672][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.076448][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.039807][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 89.058192][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 89.074967][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 89.159548][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 89.166848][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 90.117713][ T5846] Bluetooth: hci2: command tx timeout [ 90.186081][ T5154] Bluetooth: hci0: command tx timeout [ 90.186173][ T5154] Bluetooth: hci1: command tx timeout [ 90.186247][ T5154] Bluetooth: hci4: command tx timeout [ 90.186506][ T5846] Bluetooth: hci3: command tx timeout [ 90.202237][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.203722][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.204638][ T5842] bridge_slave_0: entered allmulticast mode [ 90.217663][ T5842] bridge_slave_0: entered promiscuous mode [ 90.236164][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.236290][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.236487][ T5843] bridge_slave_0: entered allmulticast mode [ 90.239304][ T5843] bridge_slave_0: entered promiscuous mode [ 90.260472][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.260597][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.261083][ T5840] bridge_slave_0: entered allmulticast mode [ 90.263720][ T5840] bridge_slave_0: entered promiscuous mode [ 90.471774][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.471909][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.472116][ T5842] bridge_slave_1: entered allmulticast mode [ 90.474322][ T5842] bridge_slave_1: entered promiscuous mode [ 90.478689][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.478823][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.479762][ T5843] bridge_slave_1: entered allmulticast mode [ 90.482617][ T5843] bridge_slave_1: entered promiscuous mode [ 90.484719][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.484851][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.485023][ T5840] bridge_slave_1: entered allmulticast mode [ 90.487721][ T5840] bridge_slave_1: entered promiscuous mode [ 90.899850][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.899959][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.900118][ T5844] bridge_slave_0: entered allmulticast mode [ 90.901970][ T5844] bridge_slave_0: entered promiscuous mode [ 90.904481][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.904609][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.904787][ T5841] bridge_slave_0: entered allmulticast mode [ 90.908098][ T5841] bridge_slave_0: entered promiscuous mode [ 91.163460][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.163576][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.163729][ T5844] bridge_slave_1: entered allmulticast mode [ 91.165224][ T5844] bridge_slave_1: entered promiscuous mode [ 91.172446][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.172655][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.172834][ T5841] bridge_slave_1: entered allmulticast mode [ 91.175375][ T5841] bridge_slave_1: entered promiscuous mode [ 91.190742][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.199962][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.261811][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.408958][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.411052][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.414151][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.781244][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.785751][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.011694][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.013887][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.015543][ T5843] team0: Port device team_slave_0 added [ 92.019402][ T5842] team0: Port device team_slave_0 added [ 92.022468][ T5840] team0: Port device team_slave_0 added [ 92.179256][ T5843] team0: Port device team_slave_1 added [ 92.180984][ T5842] team0: Port device team_slave_1 added [ 92.183306][ T5840] team0: Port device team_slave_1 added [ 92.186373][ T5846] Bluetooth: hci2: command tx timeout [ 92.266125][ T5846] Bluetooth: hci3: command tx timeout [ 92.266142][ T59] Bluetooth: hci4: command tx timeout [ 92.266158][ T5846] Bluetooth: hci1: command tx timeout [ 92.266167][ T59] Bluetooth: hci0: command tx timeout [ 92.524945][ T5844] team0: Port device team_slave_0 added [ 92.851781][ T5841] team0: Port device team_slave_0 added [ 93.090285][ T5844] team0: Port device team_slave_1 added [ 93.092874][ T5841] team0: Port device team_slave_1 added [ 93.094518][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.094528][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.094544][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.101513][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.101527][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.101549][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.102804][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.102815][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.102834][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.311619][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.311630][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.311651][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.312557][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.312566][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.312579][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.313466][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.313475][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.313488][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.607487][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.607502][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.607525][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.609066][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.609077][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.609099][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.614331][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.614363][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.614376][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.633206][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.633221][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.633243][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.104736][ T5843] hsr_slave_0: entered promiscuous mode [ 94.105691][ T5843] hsr_slave_1: entered promiscuous mode [ 94.128567][ T5840] hsr_slave_0: entered promiscuous mode [ 94.129873][ T5840] hsr_slave_1: entered promiscuous mode [ 94.131159][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 94.131476][ T5840] Cannot create hsr debugfs directory [ 94.266225][ T5154] Bluetooth: hci2: command tx timeout [ 94.347959][ T5154] Bluetooth: hci1: command tx timeout [ 94.347992][ T5154] Bluetooth: hci3: command tx timeout [ 94.348013][ T5154] Bluetooth: hci0: command tx timeout [ 94.348030][ T5154] Bluetooth: hci4: command tx timeout [ 94.393520][ T5842] hsr_slave_0: entered promiscuous mode [ 94.394268][ T5842] hsr_slave_1: entered promiscuous mode [ 94.394873][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 94.394891][ T5842] Cannot create hsr debugfs directory [ 94.554137][ T5841] hsr_slave_0: entered promiscuous mode [ 94.554946][ T5841] hsr_slave_1: entered promiscuous mode [ 94.555480][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 94.555498][ T5841] Cannot create hsr debugfs directory [ 94.647820][ T5844] hsr_slave_0: entered promiscuous mode [ 94.649183][ T5844] hsr_slave_1: entered promiscuous mode [ 94.650143][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 94.650166][ T5844] Cannot create hsr debugfs directory [ 96.347311][ T59] Bluetooth: hci2: command tx timeout [ 96.426166][ T59] Bluetooth: hci4: command tx timeout [ 96.426196][ T59] Bluetooth: hci0: command tx timeout [ 96.426215][ T59] Bluetooth: hci3: command tx timeout [ 96.426233][ T59] Bluetooth: hci1: command tx timeout [ 96.491201][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.527426][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.553393][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.591205][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.726646][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.763186][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.799366][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.857667][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.987369][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 97.025694][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 97.063089][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 97.123737][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 97.284739][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.350893][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.391781][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.442725][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.625345][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.659972][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.698138][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.718864][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.771126][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.896110][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.944062][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.958951][ T1534] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.959601][ T1534] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.018190][ T1350] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.018362][ T1350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.090643][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.112698][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.148109][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.148375][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.204599][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.205317][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.261347][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.314810][ T1350] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.314945][ T1350] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.344748][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.384480][ T1350] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.384620][ T1350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.515555][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.529497][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.647731][ T1385] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.648034][ T1385] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.727159][ T1385] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.727303][ T1385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.764672][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.845638][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.847040][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.918325][ T1332] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.918541][ T1332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.989070][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.211064][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.430695][ T5843] veth0_vlan: entered promiscuous mode [ 99.523729][ T5843] veth1_vlan: entered promiscuous mode [ 99.590677][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.663134][ T5840] veth0_vlan: entered promiscuous mode [ 99.750828][ T5840] veth1_vlan: entered promiscuous mode [ 99.794116][ T5843] veth0_macvtap: entered promiscuous mode [ 99.841719][ T5843] veth1_macvtap: entered promiscuous mode [ 99.916642][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.935669][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.004395][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.115764][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.118169][ T5840] veth0_macvtap: entered promiscuous mode [ 100.166634][ T5840] veth1_macvtap: entered promiscuous mode [ 100.183242][ T1506] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.210400][ T1506] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.213295][ T1506] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.234128][ T1506] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.379133][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.456958][ T5841] veth0_vlan: entered promiscuous mode [ 100.460652][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.520592][ T5844] veth0_vlan: entered promiscuous mode [ 100.588277][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.612604][ T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.628577][ T5841] veth1_vlan: entered promiscuous mode [ 100.630246][ T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.665749][ T5844] veth1_vlan: entered promiscuous mode [ 100.673310][ T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.702576][ T5842] veth0_vlan: entered promiscuous mode [ 100.715239][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.715263][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.862353][ T5842] veth1_vlan: entered promiscuous mode [ 100.951457][ T1506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.951478][ T1506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.128419][ T5844] veth0_macvtap: entered promiscuous mode [ 101.146722][ T5841] veth0_macvtap: entered promiscuous mode [ 101.153213][ T5844] veth1_macvtap: entered promiscuous mode [ 101.156109][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.156137][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.215032][ T5841] veth1_macvtap: entered promiscuous mode [ 101.317436][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.317456][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.356577][ T5842] veth0_macvtap: entered promiscuous mode [ 101.432011][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.447704][ T5842] veth1_macvtap: entered promiscuous mode [ 101.491403][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.508609][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.601413][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.602307][ T1332] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.614762][ T1332] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.628064][ T1332] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.639353][ T1332] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.681704][ T1332] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.708384][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.751295][ T1332] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.778743][ T1506] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.788098][ T1506] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.810233][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.035855][ T1534] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.037386][ T5965] warning: `syz.2.8' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 102.065409][ T1534] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.132119][ T1534] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.149398][ T1534] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.467133][ T1332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.467154][ T1332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.557725][ T5963] mmap: syz.0.1 (5963) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 102.736156][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.736177][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.847472][ T1534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.847492][ T1534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.040056][ T1385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.040071][ T1385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.219899][ T1534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.219916][ T1534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.523381][ T1350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.523400][ T1350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.346994][ T5995] ======================================================= [ 104.346994][ T5995] WARNING: The mand mount option has been deprecated and [ 104.346994][ T5995] and is ignored by this kernel. Remove the mand [ 104.346994][ T5995] option from the mount to silence this warning. [ 104.346994][ T5995] ======================================================= [ 105.119377][ T6008] program syz.0.23 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.819880][ T990] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 106.956997][ T6051] Bluetooth: MGMT ver 1.23 [ 107.035953][ T990] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 107.035979][ T990] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.035996][ T990] usb 3-1: config 0 has no interface number 0 [ 107.036059][ T990] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 107.036080][ T990] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 107.059116][ T990] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 107.059143][ T990] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.059160][ T990] usb 3-1: Product: syz [ 107.059172][ T990] usb 3-1: Manufacturer: syz [ 107.059185][ T990] usb 3-1: SerialNumber: syz [ 107.090269][ T990] usb 3-1: config 0 descriptor?? [ 107.374454][ T990] usbtouchscreen 3-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 107.493179][ T990] usb 3-1: USB disconnect, device number 2 [ 107.876085][ T993] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 108.026753][ T49] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 108.031966][ T993] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 108.031998][ T993] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 108.032034][ T993] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 108.032054][ T993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.061731][ T6064] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 108.111005][ T993] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 108.180289][ T49] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 108.180416][ T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.182125][ T49] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 108.182150][ T49] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 108.182168][ T49] usb 1-1: Manufacturer: syz [ 108.261852][ T49] usb 1-1: config 0 descriptor?? [ 108.566513][ T49] rc_core: IR keymap rc-hauppauge not found [ 108.566535][ T49] Registered IR keymap rc-empty [ 108.633127][ T49] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 108.676643][ T49] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 108.760881][ T993] usb 2-1: USB disconnect, device number 2 [ 108.890397][ T6085] rc rc0: two consecutive events of type space [ 109.049432][ T6090] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.288746][ T6024] usb 1-1: USB disconnect, device number 2 [ 111.547447][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 111.715978][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 111.718418][ T9] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 111.718442][ T9] usb 5-1: config 0 has no interface number 0 [ 111.723091][ T9] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 111.723117][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.723134][ T9] usb 5-1: Product: syz [ 111.723146][ T9] usb 5-1: Manufacturer: syz [ 111.723158][ T9] usb 5-1: SerialNumber: syz [ 111.749904][ T9] usb 5-1: config 0 descriptor?? [ 111.761719][ T9] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 112.083768][ T9] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 112.155242][ T9] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 112.211835][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 49 [ 112.289697][ T37] audit: type=1326 audit(1758069195.666:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.92" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ef75deba9 code=0x0 [ 112.489420][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 112.531350][ T993] usb 5-1: USB disconnect, device number 2 [ 112.623021][ T993] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 112.674472][ T993] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 112.690149][ T993] quatech2 5-1:0.51: device disconnected [ 113.076023][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 113.236054][ T993] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 113.264685][ T9] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 113.264712][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.264730][ T9] usb 1-1: Product: syz [ 113.264742][ T9] usb 1-1: Manufacturer: syz [ 113.264754][ T9] usb 1-1: SerialNumber: syz [ 113.322666][ T9] usb 1-1: config 0 descriptor?? [ 113.348440][ T9] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 113.386195][ T993] usb 3-1: Using ep0 maxpacket: 32 [ 113.388482][ T993] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.388511][ T993] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 113.388549][ T993] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 113.388567][ T993] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.447664][ T993] usb 3-1: config 0 descriptor?? [ 113.915303][ T993] shield 0003:0955:7214.0001: item fetching failed at offset 0/1 [ 113.927753][ T993] shield 0003:0955:7214.0001: Parse failed [ 113.927825][ T993] shield 0003:0955:7214.0001: probe with driver shield failed with error -22 [ 114.014477][ T9] gspca_sunplus: reg_r err -71 [ 114.014580][ T9] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 114.035244][ T9] usb 1-1: USB disconnect, device number 3 [ 114.108772][ T993] usb 3-1: USB disconnect, device number 3 [ 114.936059][ T990] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 114.976146][ T6205] syz.3.107 (6205) used greatest stack depth: 18968 bytes left [ 115.126058][ T990] usb 5-1: device descriptor read/all, error -71 [ 115.237387][ T6220] netlink: 12 bytes leftover after parsing attributes in process `syz.3.113'. [ 115.463945][ T6226] netlink: 12 bytes leftover after parsing attributes in process `syz.2.118'. [ 115.866178][ T31] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.022082][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 116.047824][ T31] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 116.047850][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.047867][ T31] usb 1-1: Product: syz [ 116.047879][ T31] usb 1-1: Manufacturer: syz [ 116.047890][ T31] usb 1-1: SerialNumber: syz [ 116.092691][ T31] usb 1-1: config 0 descriptor?? [ 116.148981][ T6253] netlink: 'syz.3.130': attribute type 27 has an invalid length. [ 116.328703][ T31] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 116.416127][ T990] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 116.589673][ T990] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 116.589698][ T990] usb 5-1: config 0 has no interface number 0 [ 116.589747][ T990] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 116.589768][ T990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.602791][ T990] usb 5-1: config 0 descriptor?? [ 116.633706][ T990] usb 5-1: selecting invalid altsetting 1 [ 116.634735][ T990] dvb_ttusb_budget: ttusb_init_controller: error [ 116.635017][ T990] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 116.648717][ T6263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.134'. [ 116.731443][ T31] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 116.734839][ T31] usb 1-1: USB disconnect, device number 4 [ 116.977473][ T990] DVB: Unable to find symbol cx22700_attach() [ 117.057469][ T990] DVB: Unable to find symbol tda10046_attach() [ 117.057483][ T990] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 117.078616][ T990] usb 5-1: USB disconnect, device number 5 [ 117.115329][ T6279] capability: warning: `syz.2.140' uses deprecated v2 capabilities in a way that may be insecure [ 117.175729][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.141'. [ 117.175751][ T6281] netlink: 4 bytes leftover after parsing attributes in process `syz.3.141'. [ 117.175775][ T6281] netlink: 'syz.3.141': attribute type 5 has an invalid length. [ 117.175787][ T6281] netlink: 'syz.3.141': attribute type 6 has an invalid length. [ 117.383524][ T6285] vlan3: entered allmulticast mode [ 118.040559][ T6309] sch_fq: defrate 4294967295 ignored. [ 118.261810][ T6312] veth3: entered promiscuous mode [ 118.317697][ T6024] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 118.343719][ T6327] netlink: 'syz.4.162': attribute type 5 has an invalid length. [ 118.392038][ T6329] use of bytesused == 0 is deprecated and will be removed in the future, [ 118.392054][ T6329] use the actual size instead. [ 118.493836][ T6024] usb 1-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 118.493866][ T6024] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.493882][ T6024] usb 1-1: Product: syz [ 118.493894][ T6024] usb 1-1: Manufacturer: syz [ 118.493906][ T6024] usb 1-1: SerialNumber: syz [ 118.518013][ T6024] usb 1-1: config 0 descriptor?? [ 118.553186][ T6024] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 118.970502][ T6024] input: sonixb as /devices/platform/dummy_hcd.0/usb1/1-1/input/input7 [ 119.168370][ T6354] netlink: 'syz.1.174': attribute type 58 has an invalid length. [ 119.168392][ T6354] netlink: 20 bytes leftover after parsing attributes in process `syz.1.174'. [ 119.205610][ T993] usb 1-1: USB disconnect, device number 5 [ 119.260726][ T6360] netlink: 4 bytes leftover after parsing attributes in process `syz.4.177'. [ 119.448661][ T6366] Bluetooth: MGMT ver 1.23 [ 119.676136][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 119.841403][ T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 119.841483][ T9] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 66 [ 119.841545][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.841583][ T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 119.841599][ T9] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 119.844732][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.844757][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.844774][ T9] usb 3-1: Product: syz [ 119.844787][ T9] usb 3-1: Manufacturer: syz [ 119.844799][ T9] usb 3-1: SerialNumber: syz [ 119.957134][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.189'. [ 119.957173][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.189'. [ 120.504598][ T9] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 120.513782][ T9] cdc_ncm 3-1:1.0: bind() failure [ 120.558477][ T9] usb 3-1: USB disconnect, device number 4 [ 120.588943][ T37] audit: type=1326 audit(1758069203.956:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.595031][ T37] audit: type=1326 audit(1758069203.966:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.599527][ T37] audit: type=1326 audit(1758069203.976:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.599574][ T37] audit: type=1326 audit(1758069203.976:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.604379][ T37] audit: type=1326 audit(1758069203.976:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.604426][ T37] audit: type=1326 audit(1758069203.976:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 120.604463][ T37] audit: type=1326 audit(1758069203.976:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6403 comm="syz.0.197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff996beba9 code=0x7ffc0000 [ 121.189128][ T6426] ALSA: mixer_oss: invalid OSS volume '' [ 121.536098][ T990] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 121.686146][ T990] usb 4-1: Using ep0 maxpacket: 16 [ 121.701929][ T990] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 121.701956][ T990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.701973][ T990] usb 4-1: Product: syz [ 121.701986][ T990] usb 4-1: Manufacturer: syz [ 121.701998][ T990] usb 4-1: SerialNumber: syz [ 121.738952][ T990] r8152-cfgselector 4-1: Unknown version 0x0000 [ 121.738976][ T990] r8152-cfgselector 4-1: config 0 descriptor?? [ 121.977081][ T990] r8152-cfgselector 4-1: Needed 1 retries to read version [ 121.977130][ T990] r8152-cfgselector 4-1: Unknown version 0x0000 [ 121.977737][ T990] r8152-cfgselector 4-1: bad CDC descriptors [ 122.194541][ T31] r8152-cfgselector 4-1: USB disconnect, device number 2 [ 122.827401][ T6486] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 123.188044][ T6502] netlink: 16 bytes leftover after parsing attributes in process `syz.0.240'. [ 123.225557][ T6503] IPVS: Unknown mcast interface: pimreg1 [ 123.322586][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.245'. [ 123.322607][ T6511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.245'. [ 123.322631][ T6511] netlink: 'syz.3.245': attribute type 7 has an invalid length. [ 123.635841][ T70] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 123.652319][ T70] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 123.656261][ T6024] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 123.706100][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 123.886370][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 123.891167][ T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 123.891192][ T9] usb 4-1: config 179 has no interface number 0 [ 123.891260][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 123.891284][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 123.891308][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 123.891331][ T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 123.891355][ T9] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 123.891396][ T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 123.891416][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.899748][ T6515] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 124.266353][ T6024] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 124.356338][ T6515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.356859][ T6515] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.507690][ T9] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 124.616808][ T31] usb 4-1: USB disconnect, device number 3 [ 124.616827][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 124.616891][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 125.216055][ T6562] netlink: 104 bytes leftover after parsing attributes in process `syz.1.268'. [ 125.297492][ T6564] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 125.546490][ T6575] netlink: 16 bytes leftover after parsing attributes in process `syz.3.274'. [ 125.663911][ T6576] netlink: 'syz.4.273': attribute type 3 has an invalid length. [ 125.950615][ T6593] netlink: 11 bytes leftover after parsing attributes in process `syz.4.280'. [ 126.183736][ T6603] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 126.183793][ T6603] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 126.183841][ T6603] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 126.183961][ T6603] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 126.184007][ T6603] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 126.184098][ T6603] comedi comedi3: 8255: I/O port conflict (0x5c95239c,4) [ 126.184145][ T6603] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 126.184192][ T6603] comedi comedi3: 8255: I/O port conflict (0x3bf,4) [ 126.184327][ T6603] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 126.184373][ T6603] comedi comedi3: 8255: I/O port conflict (0x20000001,4) [ 126.184420][ T6603] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 126.184507][ T6603] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 126.907273][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 127.056066][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 127.058924][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 127.060916][ T9] usb 2-1: config 128 has an invalid interface number: 153 but max is 0 [ 127.060940][ T9] usb 2-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 127.060957][ T9] usb 2-1: config 128 has no interface number 0 [ 127.061110][ T9] usb 2-1: config 128 interface 153 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.061135][ T9] usb 2-1: config 128 interface 153 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.061155][ T9] usb 2-1: config 128 interface 153 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 127.061178][ T9] usb 2-1: config 128 interface 153 has no altsetting 0 [ 127.079043][ T9] usb 2-1: New USB device found, idVendor=06cd, idProduct=011c, bcdDevice=14.a4 [ 127.079070][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.079088][ T9] usb 2-1: Product: syz [ 127.079100][ T9] usb 2-1: Manufacturer: syz [ 127.079112][ T9] usb 2-1: SerialNumber: syz [ 127.353750][ T9] keyspan 2-1:128.153: Keyspan 1 port adapter converter detected [ 127.354055][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 84 [ 127.359434][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 82 [ 127.359526][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 1 [ 127.359622][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 2 [ 127.359711][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 83 [ 127.359795][ T9] keyspan 2-1:128.153: found no endpoint descriptor for endpoint 3 [ 127.364671][ T9] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 127.384180][ T9] usb 2-1: USB disconnect, device number 3 [ 127.403381][ T9] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 127.405189][ T9] keyspan 2-1:128.153: device disconnected [ 127.786919][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 127.996120][ T31] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 128.159979][ T31] usb 5-1: config 2 interface 0 altsetting 185 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.160009][ T31] usb 5-1: config 2 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.160029][ T31] usb 5-1: config 2 interface 0 has no altsetting 0 [ 128.160059][ T31] usb 5-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 128.160078][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.203972][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.321'. [ 128.718761][ T31] apple 0003:05AC:027A.0002: hidraw0: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.4-1/input0 [ 128.876514][ T9] usb 5-1: USB disconnect, device number 6 [ 128.942688][ T6691] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 129.335520][ T6710] netlink: 'syz.1.337': attribute type 21 has an invalid length. [ 129.566882][ T9] IPVS: starting estimator thread 0... [ 129.656207][ T6720] IPVS: using max 7 ests per chain, 16800 per kthread [ 129.729413][ T6726] CUSE: unknown device info "KJ H+ۤ2LhnL1`Ccn80(3նi>fF" [ 129.729431][ T6726] CUSE: zero length info key specified [ 129.789746][ T6728] netlink: 'syz.2.345': attribute type 2 has an invalid length. [ 129.829417][ T6734] capability: warning: `syz.1.349' uses 32-bit capabilities (legacy support in use) [ 129.965312][ T6740] netlink: 'syz.2.353': attribute type 7 has an invalid length. [ 129.965332][ T6740] netlink: 'syz.2.353': attribute type 8 has an invalid length. [ 131.409794][ T6802] netlink: 'syz.0.383': attribute type 3 has an invalid length. [ 132.176001][ T6024] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 132.256078][ T5922] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 132.303376][ T6836] program syz.0.401 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.346020][ T6024] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 132.346067][ T6024] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.346085][ T6024] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 132.346120][ T6024] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 132.346138][ T6024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.406026][ T5922] usb 5-1: Using ep0 maxpacket: 32 [ 132.413966][ T5922] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 132.413990][ T5922] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 132.414007][ T5922] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 132.414026][ T5922] usb 5-1: config 1 has no interface number 0 [ 132.414071][ T5922] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 132.414094][ T5922] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 132.414133][ T5922] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 132.414152][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.451450][ T5922] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 132.501314][ T6024] usb 4-1: config 0 descriptor?? [ 132.690302][ T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 132.713252][ T5922] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 132.853863][ T6846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.405'. [ 132.870061][ T9] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.870090][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 132.870169][ T9] usb 3-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00 [ 132.870190][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.927032][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.927891][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.927938][ T6024] holtek_kbd 0003:04D9:A055.0003: item fetching failed at offset 5/7 [ 132.928790][ T6024] holtek_kbd 0003:04D9:A055.0003: probe with driver holtek_kbd failed with error -22 [ 132.931848][ T9] usb 3-1: config 0 descriptor?? [ 133.133871][ T6024] usb 4-1: USB disconnect, device number 4 [ 133.200506][ T5922] usb 5-1: USB disconnect, device number 7 [ 133.202980][ T5922] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 133.407655][ T9] nti 0003:0757:0A00.0004: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.2-1/input0 [ 133.526964][ T37] audit: type=1326 audit(1758069216.896:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.528607][ T37] audit: type=1326 audit(1758069216.906:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.531972][ T37] audit: type=1326 audit(1758069216.906:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.532661][ T37] audit: type=1326 audit(1758069216.906:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.532704][ T37] audit: type=1326 audit(1758069216.906:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.533003][ T37] audit: type=1326 audit(1758069216.906:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=195 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.533226][ T37] audit: type=1326 audit(1758069216.906:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.533344][ T37] audit: type=1326 audit(1758069216.906:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6857 comm="syz.1.411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 133.610400][ T5922] usb 3-1: USB disconnect, device number 5 [ 133.936770][ T6869] netlink: 36 bytes leftover after parsing attributes in process `syz.1.417'. [ 134.737356][ T37] audit: type=1326 audit(1758069218.116:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6906 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 134.737411][ T37] audit: type=1326 audit(1758069218.116:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6906 comm="syz.1.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0144aceba9 code=0x7ffc0000 [ 134.865601][ T6913] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 134.890028][ T6915] futex_wake_op: syz.4.439 tries to shift op by 32; fix this program [ 135.183697][ T6928] wireguard: wg2: Could not create IPv4 socket [ 135.592915][ T6944] hugetlbfs: Bad value '%' for mount option 'size' [ 135.592915][ T6944] [ 135.776844][ T6950] block nbd4: not configured, cannot reconfigure [ 136.106093][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 136.983222][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.480'. [ 136.983382][ T6999] netlink: 2 bytes leftover after parsing attributes in process `syz.3.480'. [ 137.097789][ T7003] netlink: 64 bytes leftover after parsing attributes in process `syz.4.481'. [ 137.211519][ T7007] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 137.231177][ T7005] IPVS: stopping master sync thread 7007 ... [ 137.656095][ T5922] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 137.829285][ T5922] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 137.829313][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.829330][ T5922] usb 4-1: Product: syz [ 137.829342][ T5922] usb 4-1: Manufacturer: syz [ 137.829355][ T5922] usb 4-1: SerialNumber: syz [ 137.838048][ T5922] usb 4-1: config 0 descriptor?? [ 137.879954][ T5922] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 137.914145][ T7029] usb usb1: check_ctrlrecip: process 7029 (syz.0.494) requesting ep 01 but needs 81 [ 138.256179][ T7043] netlink: 36 bytes leftover after parsing attributes in process `syz.0.502'. [ 138.458940][ T5848] usb 4-1: USB disconnect, device number 5 [ 138.496257][ T7052] Driver unsupported XDP return value 0 on prog (id 49) dev N/A, expect packet loss! [ 138.647192][ T5922] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 138.798979][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.799007][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.799027][ T5922] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 138.799064][ T5922] usb 3-1: New USB device found, idVendor=2133, idProduct=0018, bcdDevice= 0.00 [ 138.799084][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.884275][ T5922] usb 3-1: config 0 descriptor?? [ 139.001499][ T7060] netlink: 8 bytes leftover after parsing attributes in process `syz.0.509'. [ 139.172854][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.510'. [ 139.423058][ T5922] viewsonic 0003:2133:0018.0005: hidraw0: USB HID v0.00 Device [HID 2133:0018] on usb-dummy_hcd.2-1/input0 [ 139.618009][ T6024] usb 3-1: USB disconnect, device number 6 [ 139.849105][ T5848] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 140.008317][ T5848] usb 5-1: Using ep0 maxpacket: 16 [ 140.010685][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.010714][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.010733][ T5848] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 140.010771][ T5848] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 140.010791][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.075229][ T5848] usb 5-1: config 0 descriptor?? [ 140.513963][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.514002][ T5848] microsoft 0003:045E:07DA.0006: ignoring exceeding usage max [ 140.546229][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546267][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546293][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546321][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546345][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546370][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546396][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546418][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546441][ T5848] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0 [ 140.546476][ T5848] microsoft 0003:045E:07DA.0006: unsupported Resolution Multiplier 0 [ 140.726760][ T5848] microsoft 0003:045E:07DA.0006: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 140.726792][ T5848] microsoft 0003:045E:07DA.0006: no inputs found [ 140.726804][ T5848] microsoft 0003:045E:07DA.0006: could not initialize ff, continuing anyway [ 140.769178][ T5848] usb 5-1: USB disconnect, device number 8 [ 140.880389][ T7114] netlink: 20 bytes leftover after parsing attributes in process `syz.1.535'. [ 141.037117][ T7120] program syz.1.539 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 141.195509][ T7126] tipc: Started in network mode [ 141.195526][ T7126] tipc: Node identity , cluster identity 4711 [ 141.243943][ T7129] pim6reg: entered allmulticast mode [ 141.276092][ T7129] pim6reg: left allmulticast mode [ 141.576389][ T7138] sp0: Synchronizing with TNC [ 141.588934][ T7137] [U] ` [ 141.622759][ T7145] smb3: Bad value for 'source' [ 141.923967][ T7155] tmpfs: Bad value for 'mpol' [ 142.424354][ T7172] Zero length message leads to an empty skb [ 143.166097][ T31] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 143.320814][ T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 143.320839][ T31] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 143.320890][ T31] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 143.320909][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.328887][ T31] usb 3-1: config 0 descriptor?? [ 143.333930][ T31] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 143.334325][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 143.378395][ T31] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 143.384159][ T31] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 143.384213][ T31] usb 3-1: media controller created [ 143.400223][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 143.433923][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 143.434046][ T31] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 143.467501][ T31] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9 [ 143.494156][ T31] dvb-usb: schedule remote query interval to 150 msecs. [ 143.494177][ T31] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 143.512735][ T7209] netlink: 'syz.1.581': attribute type 83 has an invalid length. [ 143.552564][ T7188] dvb-usb: bulk message failed: -22 (2/0) [ 143.556970][ T6024] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 143.575917][ T5848] usb 3-1: USB disconnect, device number 7 [ 143.696878][ T5848] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 143.719342][ T6024] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 143.719373][ T6024] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 143.719410][ T6024] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 143.719430][ T6024] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.725505][ T7207] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 143.779567][ T6024] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 143.826519][ T7213] netlink: 16 bytes leftover after parsing attributes in process `syz.4.583'. [ 144.166125][ T5848] usb 4-1: USB disconnect, device number 6 [ 144.215993][ T6024] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 144.380428][ T6024] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 144.380453][ T6024] usb 5-1: config 0 has no interface number 0 [ 144.380500][ T6024] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 144.380520][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.417421][ T7225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 144.419092][ T6024] usb 5-1: config 0 descriptor?? [ 144.444357][ T6024] usb 5-1: selecting invalid altsetting 1 [ 144.444536][ T6024] dvb_ttusb_budget: ttusb_init_controller: error [ 144.444547][ T6024] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 144.569079][ T6024] DVB: Unable to find symbol cx22700_attach() [ 144.686578][ T6024] DVB: Unable to find symbol tda10046_attach() [ 144.686593][ T6024] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 144.693579][ T6024] usb 5-1: USB disconnect, device number 9 [ 144.838628][ T7237] netlink: 40 bytes leftover after parsing attributes in process `syz.3.594'. [ 145.730488][ T7257] netlink: 20 bytes leftover after parsing attributes in process `syz.3.603'. [ 145.779124][ T7259] netlink: 20 bytes leftover after parsing attributes in process `syz.4.604'. [ 145.996759][ T7262] netlink: 'syz.3.605': attribute type 4 has an invalid length. [ 145.996782][ T7262] netlink: 17 bytes leftover after parsing attributes in process `syz.3.605'. [ 146.434091][ T7279] netlink: 'syz.3.613': attribute type 2 has an invalid length. [ 146.565046][ T7279] k*]: entered promiscuous mode [ 147.600076][ T7315] netlink: 8 bytes leftover after parsing attributes in process `syz.4.630'. [ 147.600097][ T7315] netlink: 12 bytes leftover after parsing attributes in process `syz.4.630'. [ 148.676103][ T31] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 148.834844][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.834875][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.834912][ T31] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 148.834933][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.842894][ T31] usb 4-1: config 0 descriptor?? [ 149.133109][ T7352] sp0: Synchronizing with TNC [ 149.158304][ T7351] [U] [ 149.306750][ T31] arvo 0003:1E7D:30D4.0007: unbalanced collection at end of report description [ 149.307544][ T31] arvo 0003:1E7D:30D4.0007: parse failed [ 149.307611][ T31] arvo 0003:1E7D:30D4.0007: probe with driver arvo failed with error -22 [ 149.498075][ T9] usb 4-1: USB disconnect, device number 7 [ 149.812113][ T7370] devtmpfs: Too few inodes for current use [ 151.113851][ T7424] netlink: 20 bytes leftover after parsing attributes in process `syz.1.678'. [ 151.286287][ T7428] netlink: 16 bytes leftover after parsing attributes in process `syz.0.681'. [ 151.313847][ T7430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.682'. [ 152.085030][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 152.085047][ T37] audit: type=1326 audit(1758069235.456:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.085090][ T37] audit: type=1326 audit(1758069235.456:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.143025][ T37] audit: type=1326 audit(1758069235.516:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.143070][ T37] audit: type=1326 audit(1758069235.516:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.143108][ T37] audit: type=1326 audit(1758069235.516:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.160857][ T37] audit: type=1326 audit(1758069235.536:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.160905][ T37] audit: type=1326 audit(1758069235.536:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7459 comm="syz.2.697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f77c42eeba9 code=0x7ffc0000 [ 152.746095][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 152.878929][ T7490] sp0: Synchronizing with TNC [ 152.976088][ T6024] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 153.017127][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.046346][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.105774][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.135480][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.148452][ T6024] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 153.148477][ T6024] usb 5-1: config 0 has no interface number 0 [ 153.148523][ T6024] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.148545][ T6024] usb 5-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.148564][ T6024] usb 5-1: config 0 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 153.148602][ T6024] usb 5-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 153.148622][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.229867][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.265407][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.278558][ T6024] usb 5-1: config 0 descriptor?? [ 153.312248][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.380264][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.445729][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.478316][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.510732][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.555364][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.587615][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.619829][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.650872][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.684034][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.717589][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.748859][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.779031][ T6024] uclogic 0003:28BD:0934.0008: Interface probing failed: -22 [ 153.779101][ T6024] uclogic 0003:28BD:0934.0008: interface is invalid, ignoring [ 153.780259][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.813783][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.843994][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.894425][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.943015][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.974837][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.978655][ T6024] usb 5-1: USB disconnect, device number 10 [ 154.007326][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.038952][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.067512][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.095306][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.153392][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.180716][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.256288][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.282073][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.312741][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.350924][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.385934][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.415978][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.467180][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.542903][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.572816][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.686196][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.737135][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.786751][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.836713][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.870796][ C1] vkms_vblank_simulate: vblank timer overrun [ 154.909250][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.526693][ T7522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.725'. [ 157.044071][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.956113][ C1] sched: DL replenish lagged too much [ 160.389803][ T7534] loop9: detected capacity change from 0 to 7 [ 160.391531][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.391663][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.391786][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.391898][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392026][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392151][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392259][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392340][ T7534] ldm_validate_partition_table(): Disk read failed. [ 160.392389][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392497][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392603][ T7534] Buffer I/O error on dev loop9, logical block 0, async page read [ 160.392775][ T7534] Dev loop9: unable to read RDB block 0 [ 160.393485][ T7534] loop9: unable to read partition table [ 160.393715][ T7534] loop9: partition table beyond EOD, truncated [ 160.393746][ T7534] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 160.393746][ T7534] ) failed (rc=-5) [ 168.998855][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 169.003252][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 169.005211][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 169.037045][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 169.037958][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 171.076106][ T59] Bluetooth: hci5: command tx timeout [ 173.156212][ T59] Bluetooth: hci5: command tx timeout [ 174.746137][ T7593] sp0: Synchronizing with TNC [ 175.236271][ T59] Bluetooth: hci5: command tx timeout [ 177.316701][ T59] Bluetooth: hci5: command tx timeout [ 179.289976][ T5154] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 179.316116][ T5154] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 179.317329][ T5154] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 179.319383][ T5154] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 179.320817][ T5154] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 181.386381][ T5154] Bluetooth: hci6: command tx timeout [ 183.466202][ T5154] Bluetooth: hci6: command tx timeout [ 184.746225][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 185.550854][ T5154] Bluetooth: hci6: command tx timeout [ 187.626068][ T5154] Bluetooth: hci6: command tx timeout [ 188.086044][ T6024] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 188.236191][ T6024] usb 5-1: Using ep0 maxpacket: 8 [ 188.241737][ T6024] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 188.241763][ T6024] usb 5-1: config 179 has no interface number 0 [ 188.241808][ T6024] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 188.241832][ T6024] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 188.241855][ T6024] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 188.241878][ T6024] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 188.241911][ T6024] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 188.241949][ T6024] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 188.241970][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.360409][ T7643] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 189.124040][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 189.124115][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 189.124209][ T990] usb 5-1: USB disconnect, device number 11 [ 189.877606][ T7567] chnl_net:caif_netlink_parms(): no params data found [ 190.807336][ T59] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 190.829028][ T59] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 190.830674][ T59] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 190.834952][ T59] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 190.859291][ T59] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 192.907910][ T5154] Bluetooth: hci7: command tx timeout [ 194.361649][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.361726][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.986272][ T5154] Bluetooth: hci7: command tx timeout [ 195.372993][ T37] audit: type=1800 audit(1758069278.726:33): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.781" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 197.066780][ T5154] Bluetooth: hci7: command tx timeout [ 199.146358][ T5154] Bluetooth: hci7: command tx timeout [ 206.569408][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 206.589519][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 206.590658][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 206.592188][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 206.592968][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 208.667796][ T59] Bluetooth: hci8: command tx timeout [ 210.749211][ T5861] Bluetooth: hci8: command tx timeout [ 211.800280][ T5861] Bluetooth: hci1: command 0x0406 tx timeout [ 211.800417][ T5861] Bluetooth: hci2: command 0x0406 tx timeout [ 211.800443][ T5861] Bluetooth: hci4: command 0x0406 tx timeout [ 211.882477][ T59] Bluetooth: hci3: command 0x0406 tx timeout [ 212.829732][ T59] Bluetooth: hci8: command tx timeout [ 214.906077][ T59] Bluetooth: hci8: command tx timeout [ 222.133040][ T5861] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 222.150253][ T5861] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 222.151915][ T5861] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 222.153632][ T5861] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 222.154504][ T5861] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 229.266634][ T5861] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 229.290205][ T5861] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 229.303668][ T5861] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 229.304844][ T5861] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 229.323890][ T5861] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 232.375109][ T7598] chnl_net:caif_netlink_parms(): no params data found [ 235.488628][ T5154] Bluetooth: hci10: command tx timeout [ 235.488858][ T5154] Bluetooth: hci9: command tx timeout [ 237.550954][ T5851] Bluetooth: hci9: command tx timeout [ 237.550988][ T5851] Bluetooth: hci10: command tx timeout [ 239.443825][ T5851] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 239.467008][ T5851] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 239.468215][ T5851] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 239.469385][ T5851] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 239.470167][ T5851] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 239.625993][ T5154] Bluetooth: hci10: command tx timeout [ 239.627021][ T5851] Bluetooth: hci9: command tx timeout [ 241.172488][ T7661] chnl_net:caif_netlink_parms(): no params data found [ 241.279847][ T7684] chnl_net:caif_netlink_parms(): no params data found [ 241.313610][ T7687] chnl_net:caif_netlink_parms(): no params data found [ 241.706057][ T5846] Bluetooth: hci10: command tx timeout [ 241.706105][ T5851] Bluetooth: hci9: command tx timeout [ 242.105946][ T5851] Bluetooth: hci11: command tx timeout [ 244.186048][ T5851] Bluetooth: hci11: command tx timeout [ 246.266042][ T5851] Bluetooth: hci11: command tx timeout [ 248.346209][ T5851] Bluetooth: hci11: command tx timeout [ 249.915363][ T7680] chnl_net:caif_netlink_parms(): no params data found [ 250.676075][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 251.719802][ T5846] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 251.736438][ T5846] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 251.737572][ T5846] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 251.738789][ T5846] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 251.739572][ T5846] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 255.813736][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.813804][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.792806][ T5851] Bluetooth: hci12: command tx timeout [ 261.876024][ T5851] Bluetooth: hci12: command tx timeout [ 263.956312][ T5851] Bluetooth: hci12: command tx timeout [ 266.026201][ T5851] Bluetooth: hci12: command tx timeout [ 267.426954][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 267.447284][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 267.449106][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 267.450433][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 267.451311][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 269.556338][ T5846] Bluetooth: hci5: command tx timeout [ 271.627235][ T5846] Bluetooth: hci5: command tx timeout [ 273.706263][ T5846] Bluetooth: hci5: command tx timeout [ 275.796652][ T5846] Bluetooth: hci5: command tx timeout [ 282.803753][ T5851] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 282.820482][ T5851] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 282.821669][ T5851] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 282.845149][ T5851] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 282.856298][ T5851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 284.906171][ T5851] Bluetooth: hci6: command tx timeout [ 286.996262][ T5851] Bluetooth: hci6: command tx timeout [ 287.690770][ T7661] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 289.066232][ T5851] Bluetooth: hci6: command tx timeout [ 289.774633][ T5846] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 289.788002][ T5846] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 289.803557][ T5846] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 289.804953][ T5846] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 289.823421][ T5846] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 291.156288][ T5851] Bluetooth: hci6: command tx timeout [ 291.956406][ T5851] Bluetooth: hci13: command tx timeout [ 294.026112][ T5851] Bluetooth: hci13: command tx timeout [ 296.106363][ T5851] Bluetooth: hci13: command tx timeout [ 298.196502][ T5851] Bluetooth: hci13: command tx timeout [ 299.847946][ T5846] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 299.854516][ T5846] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 299.886046][ T5846] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 299.887334][ T5846] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 299.891029][ T5846] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 305.842699][ C0] vkms_vblank_simulate: vblank timer overrun [ 306.986556][ T38] INFO: task kworker/u8:6:1332 blocked for more than 143 seconds. [ 306.986583][ T38] Not tainted syzkaller #0 [ 306.986593][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 306.986605][ T38] task:kworker/u8:6 state:D stack:19592 pid:1332 tgid:1332 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 306.986652][ T38] Workqueue: events_unbound free_mem_alloc_deferred [ 306.986686][ T38] Call Trace: [ 306.986693][ T38] [ 306.986706][ T38] __schedule+0x16f3/0x4c20 [ 306.986739][ T38] ? sched_clock+0x3f/0x60 [ 306.986769][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 306.986800][ T38] ? __pfx___schedule+0x10/0x10 [ 306.986847][ T38] rt_mutex_schedule+0x77/0xf0 [ 306.986865][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 306.986899][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 306.986923][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 306.986945][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 306.986966][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 306.986996][ T38] ? rcu_barrier+0x4c/0x570 [ 306.987022][ T38] ? __lock_acquire+0xab9/0xd20 [ 306.987048][ T38] ? rcu_barrier+0x4c/0x570 [ 306.987063][ T38] mutex_lock_nested+0x16a/0x1d0 [ 306.987088][ T38] rcu_barrier+0x4c/0x570 [ 306.987111][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.987137][ T38] free_mem_alloc_deferred+0x16/0x30 [ 306.987155][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 306.987174][ T38] process_scheduled_works+0xade/0x17b0 [ 306.987225][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 306.987265][ T38] worker_thread+0x8a0/0xda0 [ 306.987313][ T38] kthread+0x70e/0x8a0 [ 306.987340][ T38] ? __pfx_worker_thread+0x10/0x10 [ 306.987360][ T38] ? __pfx_kthread+0x10/0x10 [ 306.987389][ T38] ? __pfx_kthread+0x10/0x10 [ 306.987412][ T38] ret_from_fork+0x439/0x7d0 [ 306.987437][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 306.987464][ T38] ? __switch_to_asm+0x39/0x70 [ 306.987480][ T38] ? __switch_to_asm+0x33/0x70 [ 306.987494][ T38] ? __pfx_kthread+0x10/0x10 [ 306.987518][ T38] ret_from_fork_asm+0x1a/0x30 [ 306.987552][ T38] [ 306.987642][ T38] INFO: task syz.1.712:7489 blocked for more than 143 seconds. [ 306.987655][ T38] Not tainted syzkaller #0 [ 306.987664][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 306.987672][ T38] task:syz.1.712 state:D stack:25128 pid:7489 tgid:7489 ppid:5841 task_flags:0x400040 flags:0x00004004 [ 306.987714][ T38] Call Trace: [ 306.987720][ T38] [ 306.987731][ T38] __schedule+0x16f3/0x4c20 [ 306.987787][ T38] ? __lock_acquire+0xab9/0xd20 [ 306.987808][ T38] ? __pfx___schedule+0x10/0x10 [ 306.987847][ T38] ? schedule+0x91/0x360 [ 306.987873][ T38] schedule+0x165/0x360 [ 306.987897][ T38] schedule_timeout+0x9a/0x270 [ 306.987919][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 306.987953][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.987975][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.987996][ T38] ? wait_for_completion+0x267/0x5d0 [ 306.988021][ T38] wait_for_completion+0x2bf/0x5d0 [ 306.988058][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 306.988088][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 306.988112][ T38] rcu_barrier+0x463/0x570 [ 306.988141][ T38] netdev_run_todo+0x327/0xea0 [ 306.988161][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 306.988188][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 306.988204][ T38] ? unregister_netdevice_queue+0x33c/0x380 [ 306.988225][ T38] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 306.988246][ T38] ? rtnl_net_dev_lock+0x36/0x2f0 [ 306.988268][ T38] ? rtnl_net_dev_lock+0x2de/0x2f0 [ 306.988292][ T38] unregister_netdev+0x52/0x60 [ 306.988310][ T38] sixpack_close+0x1d8/0x280 [ 306.988334][ T38] tty_ldisc_kill+0xa3/0x1a0 [ 306.988356][ T38] tty_ldisc_release+0x1a4/0x200 [ 306.988375][ T38] tty_release_struct+0x2a/0xd0 [ 306.988396][ T38] tty_release+0xcb6/0x1650 [ 306.988427][ T38] ? evm_file_release+0x10b/0x1e0 [ 306.988451][ T38] ? __pfx_tty_release+0x10/0x10 [ 306.988468][ T38] __fput+0x45b/0xa80 [ 306.988498][ T38] task_work_run+0x1d4/0x260 [ 306.988520][ T38] ? __pfx_task_work_run+0x10/0x10 [ 306.988543][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 306.988569][ T38] exit_to_user_mode_loop+0xec/0x110 [ 306.988590][ T38] do_syscall_64+0x2bd/0x3b0 [ 306.988607][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.988629][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.988646][ T38] ? clear_bhb_loop+0x60/0xb0 [ 306.988667][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.988685][ T38] RIP: 0033:0x7f0144aceba9 [ 306.988706][ T38] RSP: 002b:00007fff721f1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 306.988724][ T38] RAX: 0000000000000000 RBX: 0000000000025409 RCX: 00007f0144aceba9 [ 306.988736][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 306.988752][ T38] RBP: 00007f0144d17da0 R08: 0000000000000001 R09: 00000003721f132f [ 306.988764][ T38] R10: 0000001b30a20000 R11: 0000000000000246 R12: 00007f0144d1609c [ 306.988776][ T38] R13: 00007f0144d16090 R14: ffffffffffffffff R15: 00007fff721f1150 [ 306.988807][ T38] [ 306.988837][ T38] [ 306.988837][ T38] Showing all locks held in the system: [ 306.988846][ T38] 3 locks held by kworker/u8:0/12: [ 306.988857][ T38] #0: ffff88814d0c2938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.988902][ T38] #1: ffffc90000117bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.988946][ T38] #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 306.988991][ T38] 2 locks held by rcuc/1/28: [ 306.989000][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.989043][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.989086][ T38] 7 locks held by ktimers/1/29: [ 306.989096][ T38] 2 locks held by ksoftirqd/1/30: [ 306.989105][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.989147][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.989190][ T38] 4 locks held by kworker/1:0/31: [ 306.989202][ T38] 1 lock held by khungtaskd/38: [ 306.989211][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 306.989252][ T38] 4 locks held by kworker/u8:2/43: [ 306.989261][ T38] #0: ffff88814d610138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.989304][ T38] #1: ffffc90000b47bc0 ((work_completion)(&(&bat_priv->bla.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.989348][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.989390][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.989434][ T38] 3 locks held by kworker/u8:3/57: [ 306.989444][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.989487][ T38] #1: ffffc9000123fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.989527][ T38] #2: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 306.989573][ T38] 4 locks held by kworker/1:2/993: [ 306.989583][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.989626][ T38] #1: ffffc9000484fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.989669][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.989711][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.989762][ T38] 3 locks held by kworker/u8:6/1332: [ 306.989772][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.989815][ T38] #1: ffffc900052dfbc0 ((work_completion)(©->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.989858][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.989898][ T38] 3 locks held by kworker/u8:8/1385: [ 306.989908][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.989950][ T38] #1: ffffc900053afbc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.989993][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.990045][ T38] 2 locks held by getty/5596: [ 306.990055][ T38] #0: ffff88823bf3a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 306.990101][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 306.990150][ T38] 3 locks held by syz.1.712/7489: [ 306.990160][ T38] #0: ffff88805dc200a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0xb7/0x200 [ 306.990199][ T38] #1: ffff88805dc210a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0xdb/0x200 [ 306.990243][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.990283][ T38] 3 locks held by syz.2.743/7556: [ 306.990293][ T38] #0: ffff88805fea20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x5c/0x200 [ 306.990331][ T38] #1: ffff88805fea40a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x80/0x200 [ 306.990374][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.990414][ T38] 2 locks held by kworker/1:9/7558: [ 306.990425][ T38] 4 locks held by kworker/1:10/7559: [ 306.990434][ T38] #0: ffff88805b8c0d38 ((wq_completion)wg-crypt-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.990481][ T38] #1: ffffc9001bf77bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.990536][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.990578][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.990620][ T38] 1 lock held by syz-executor/7567: [ 306.990630][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 306.990675][ T38] 4 locks held by kworker/1:11/7571: [ 306.990685][ T38] #0: ffff888036c17138 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.990732][ T38] #1: ffffc9001bf37bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.990781][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.990823][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.990866][ T38] 4 locks held by kworker/1:12/7572: [ 306.990876][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.990919][ T38] #1: ffffc9001e79fbc0 ((work_completion)(&(&tbl->managed_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 306.990962][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 306.991005][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 306.991048][ T38] 3 locks held by syz.3.756/7592: [ 306.991057][ T38] #0: ffff88805e0020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x5c/0x200 [ 306.991096][ T38] #1: ffff88805e0030a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x80/0x200 [ 306.991140][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.991181][ T38] 1 lock held by syz-executor/7598: [ 306.991190][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 306.991235][ T38] 1 lock held by syz.4.780/7659: [ 306.991245][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.991285][ T38] 4 locks held by syz-executor/7661: [ 306.991295][ T38] #0: ffff88805f588e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 306.991338][ T38] #1: ffff88805f5880a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 306.991383][ T38] #2: ffffffff8ee3b0d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 306.991423][ T38] #3: ffff88803d1bbb58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 306.991473][ T38] 1 lock held by syz.0.788/7678: [ 306.991482][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 306.991522][ T38] 2 locks held by syz-executor/7680: [ 306.991532][ T38] #0: ffff888031380e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 306.991573][ T38] #1: ffff8880313800a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 306.991617][ T38] 2 locks held by syz-executor/7684: [ 306.991627][ T38] #0: ffffffff8f1d79e8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 306.991675][ T38] #1: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 306.991718][ T38] 2 locks held by syz-executor/7687: [ 306.991728][ T38] #0: ffffffff8f1d79e8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 306.991782][ T38] #1: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 306.991825][ T38] 1 lock held by syz-executor/7693: [ 306.991835][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 306.991879][ T38] 1 lock held by syz-executor/7717: [ 306.991889][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 306.991932][ T38] 1 lock held by syz-executor/7720: [ 306.991942][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 306.991983][ T38] 1 lock held by syz-executor/7723: [ 306.991993][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 306.992033][ T38] 1 lock held by syz-executor/7727: [ 306.992043][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 306.992084][ T38] 1 lock held by syz-executor/7730: [ 306.992093][ T38] #0: ffffffff8ecd35f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 306.992133][ T38] [ 306.992138][ T38] ============================================= [ 306.992138][ T38] [ 306.992156][ T38] NMI backtrace for cpu 0 [ 306.992179][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 306.992199][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 306.992208][ T38] Call Trace: [ 306.992215][ T38] [ 306.992222][ T38] dump_stack_lvl+0x189/0x250 [ 306.992249][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.992271][ T38] ? __pfx__printk+0x10/0x10 [ 306.992300][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 306.992324][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 306.992347][ T38] ? __pfx__printk+0x10/0x10 [ 306.992369][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 306.992391][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 306.992413][ T38] watchdog+0xf93/0xfe0 [ 306.992439][ T38] ? watchdog+0x1de/0xfe0 [ 306.992464][ T38] kthread+0x70e/0x8a0 [ 306.992502][ T38] ? __pfx_watchdog+0x10/0x10 [ 306.992521][ T38] ? __pfx_kthread+0x10/0x10 [ 306.992548][ T38] ? __pfx_kthread+0x10/0x10 [ 306.992571][ T38] ret_from_fork+0x439/0x7d0 [ 306.992594][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 306.992620][ T38] ? __switch_to_asm+0x39/0x70 [ 306.992635][ T38] ? __switch_to_asm+0x33/0x70 [ 306.992649][ T38] ? __pfx_kthread+0x10/0x10 [ 306.992672][ T38] ret_from_fork_asm+0x1a/0x30 [ 306.992703][ T38] [ 306.992710][ T38] Sending NMI from CPU 0 to CPUs 1: [ 306.992741][ C1] NMI backtrace for cpu 1 [ 306.992755][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 306.992774][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 306.992783][ C1] RIP: 0010:kasan_check_range+0x79/0x2c0 [ 306.992808][ C1] Code: 00 49 89 ff 49 c1 ef 03 49 ba 00 00 00 00 00 fc ff df 4f 8d 1c 17 49 ff c8 4d 89 c1 49 c1 e9 03 48 bb 01 00 00 00 00 fc ff df <4d> 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 [ 306.992821][ C1] RSP: 0018:ffffc90000a3eb50 EFLAGS: 00000807 [ 306.992835][ C1] RAX: 0000000000000001 RBX: dffffc0000000001 RCX: ffffffff81c61558 [ 306.992848][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8f1d6030 [ 306.992858][ C1] RBP: ffffc90000a3ec30 R08: ffffffff8f1d6037 R09: 1ffffffff1e3ac06 [ 306.992871][ C1] R10: dffffc0000000000 R11: fffffbfff1e3ac06 R12: dffffc0000000000 [ 306.992883][ C1] R13: ffff8880b8945680 R14: 0000000000000a06 R15: 1ffffffff1e3ac06 [ 306.992895][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 306.992908][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 306.992919][ C1] CR2: 000020000003c030 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 306.992932][ C1] Call Trace: [ 306.992938][ C1] [ 306.992947][ C1] trace_irq_disable+0x28/0x110 [ 306.992967][ C1] _raw_spin_lock_irqsave+0x82/0xf0 [ 306.992990][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 306.993014][ C1] ? __lock_acquire+0xab9/0xd20 [ 306.993035][ C1] rt_mutex_slowunlock+0xb0/0x8a0 [ 306.993055][ C1] ? reacquire_held_locks+0x127/0x1d0 [ 306.993077][ C1] ? rt_spin_lock+0x1bb/0x2c0 [ 306.993095][ C1] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 306.993116][ C1] ? rt_spin_unlock+0x65/0x80 [ 306.993138][ C1] ___slab_alloc+0x4d2/0xdc0 [ 306.993152][ C1] ? __netif_receive_skb+0x143/0x380 [ 306.993169][ C1] ? process_backlog+0x31e/0x900 [ 306.993189][ C1] ? run_ktimerd+0xcf/0x190 [ 306.993208][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 306.993226][ C1] ? __alloc_skb+0x112/0x2d0 [ 306.993250][ C1] ? __alloc_skb+0x112/0x2d0 [ 306.993269][ C1] kmem_cache_alloc_node_noprof+0xf2/0x330 [ 306.993294][ C1] __alloc_skb+0x112/0x2d0 [ 306.993316][ C1] synproxy_send_client_synack+0x16c/0xe20 [ 306.993346][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 306.993367][ C1] ? nft_tunnel_get_reduce+0x330/0x640 [ 306.993388][ C1] ? synproxy_pernet+0x45/0x270 [ 306.993407][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 306.993427][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 306.993445][ C1] ? nf_ip_checksum+0x13c/0x510 [ 306.993464][ C1] nft_synproxy_do_eval+0x345/0x570 [ 306.993483][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 306.993507][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 306.993533][ C1] nft_do_chain+0x409/0x1920 [ 306.993556][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 306.993576][ C1] ? __lock_acquire+0xab9/0xd20 [ 306.993609][ C1] nft_do_chain_inet+0x25d/0x340 [ 306.993625][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 306.993640][ C1] ? __lock_acquire+0xab9/0xd20 [ 306.993665][ C1] ? NF_HOOK+0x9a/0x3a0 [ 306.993685][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 306.993702][ C1] nf_hook_slow+0xc5/0x220 [ 306.993725][ C1] NF_HOOK+0x206/0x3a0 [ 306.993745][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 306.993767][ C1] ? NF_HOOK+0x9a/0x3a0 [ 306.993786][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 306.993805][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 306.993827][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 306.993849][ C1] ? skb_dst+0x4f/0xd0 [ 306.993869][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 306.993891][ C1] NF_HOOK+0x309/0x3a0 [ 306.993912][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 306.993932][ C1] ? NF_HOOK+0x9a/0x3a0 [ 306.993950][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 306.993971][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 306.993997][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 306.994016][ C1] __netif_receive_skb+0x143/0x380 [ 306.994034][ C1] ? rt_spin_unlock+0x65/0x80 [ 306.994054][ C1] ? process_backlog+0x27b/0x900 [ 306.994073][ C1] process_backlog+0x31e/0x900 [ 306.994099][ C1] __napi_poll+0xb3/0x540 [ 306.994119][ C1] net_rx_action+0x707/0xe00 [ 306.994138][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.994169][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 306.994206][ C1] handle_softirqs+0x22f/0x710 [ 306.994230][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 306.994254][ C1] run_ktimerd+0xcf/0x190 [ 306.994274][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 306.994296][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 306.994314][ C1] ? smpboot_thread_fn+0x5f4/0xa60 [ 306.994334][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 306.994352][ C1] smpboot_thread_fn+0x53f/0xa60 [ 306.994371][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 306.994394][ C1] kthread+0x70e/0x8a0 [ 306.994417][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 306.994436][ C1] ? __pfx_kthread+0x10/0x10 [ 306.994460][ C1] ? __pfx_kthread+0x10/0x10 [ 306.994482][ C1] ret_from_fork+0x439/0x7d0 [ 306.994508][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 306.994530][ C1] ? __switch_to_asm+0x39/0x70 [ 306.994544][ C1] ? __switch_to_asm+0x33/0x70 [ 306.994558][ C1] ? __pfx_kthread+0x10/0x10 [ 306.994580][ C1] ret_from_fork_asm+0x1a/0x30 [ 306.994603][ C1] [ 306.994948][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 306.994962][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 306.994981][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 306.994991][ T38] Call Trace: [ 306.994998][ T38] [ 306.995005][ T38] dump_stack_lvl+0x99/0x250 [ 306.995028][ T38] ? __asan_memcpy+0x40/0x70 [ 306.995045][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.995066][ T38] ? __pfx__printk+0x10/0x10 [ 306.995094][ T38] vpanic+0x281/0x750 [ 306.995118][ T38] ? __pfx_vpanic+0x10/0x10 [ 306.995134][ T38] ? preempt_schedule+0xae/0xc0 [ 306.995153][ T38] ? preempt_schedule_common+0x83/0xd0 [ 306.995174][ T38] panic+0xb9/0xc0 [ 306.995190][ T38] ? __pfx_panic+0x10/0x10 [ 306.995208][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 306.995226][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 306.995244][ T38] watchdog+0xfd2/0xfe0 [ 306.995265][ T38] ? watchdog+0x1de/0xfe0 [ 306.995284][ T38] kthread+0x70e/0x8a0 [ 306.995305][ T38] ? __pfx_watchdog+0x10/0x10 [ 306.995322][ T38] ? __pfx_kthread+0x10/0x10 [ 306.995345][ T38] ? __pfx_kthread+0x10/0x10 [ 306.995366][ T38] ret_from_fork+0x439/0x7d0 [ 306.995387][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 306.995407][ T38] ? __switch_to_asm+0x39/0x70 [ 306.995418][ T38] ? __switch_to_asm+0x33/0x70 [ 306.995429][ T38] ? __pfx_kthread+0x10/0x10 [ 306.995448][ T38] ret_from_fork_asm+0x1a/0x30 [ 306.995472][ T38] [ 306.997293][ T38] Kernel Offset: disabled