last executing test programs: 3m6.683102393s ago: executing program 2 (id=5394): r0 = socket$netlink(0x10, 0x3, 0xa) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x0, 0x400, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 3m6.50075618s ago: executing program 2 (id=5395): r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)={0x84}, 0x8) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0) 3m6.306599797s ago: executing program 2 (id=5400): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x0, @any, 0x4, 0x2}, 0xe) 3m6.156785382s ago: executing program 2 (id=5403): mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000c80)={@multicast2, @broadcast}, 0xc) 3m5.935439138s ago: executing program 2 (id=5406): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) 3m5.762705114s ago: executing program 2 (id=5409): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10) 2m55.216468072s ago: executing program 3 (id=5527): syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000000)={0x3800, 0x4, 0x9, 0x9, 0x9, 0x4}) 2m54.948970345s ago: executing program 3 (id=5531): r0 = socket(0x23, 0x5, 0x0) listen(r0, 0x0) listen(r0, 0x0) 2m54.773632089s ago: executing program 3 (id=5534): r0 = fsopen(&(0x7f00000001c0)='romfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 2m54.606151766s ago: executing program 3 (id=5537): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20) 2m54.325106202s ago: executing program 3 (id=5543): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0706000000000000000027000000050031000400000008000200", @ANYRES32=r0], 0x24}, 0x1, 0x0, 0x0, 0x20004080}, 0x24060884) 2m53.205842122s ago: executing program 3 (id=5557): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0) sendfile(r0, r0, 0x0, 0x200000) 2m52.692985999s ago: executing program 32 (id=5557): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0) sendfile(r0, r0, 0x0, 0x200000) 2m50.682286268s ago: executing program 33 (id=5409): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10) 2m19.125078651s ago: executing program 4 (id=5778): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000440), 0x103940) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000180)={0x80, 0xc, 0x2, 0xffffffff, 0x0, 0x2}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000040)={0x80, 0x18, 0x2, 0xfffffff7, 0x0, 0x9}) 2m18.892485518s ago: executing program 4 (id=5779): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/uts\x00') setns(r0, 0x4000000) 2m18.639724163s ago: executing program 4 (id=5780): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0xfc, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xa8, 0x8, 0x0, 0x1, [{0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x44, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0xf}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_LISTEN_PORT={0x6}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 2m18.201157871s ago: executing program 4 (id=5783): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000000)='R', 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)={@private=0xa010101, @multicast1}, 0x10) 2m17.908135137s ago: executing program 4 (id=5786): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 2m17.623878174s ago: executing program 4 (id=5789): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x40, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) 2m2.450752009s ago: executing program 34 (id=5789): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x40, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) 1m36.237549638s ago: executing program 5 (id=6172): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) syz_usb_control_io(r0, 0x0, 0x0) 1m34.283594966s ago: executing program 5 (id=6199): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x15) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x11) 1m34.138494108s ago: executing program 5 (id=6201): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x301}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0xa2, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000002}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r1}, 0x10) 1m33.916197977s ago: executing program 5 (id=6205): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) 1m33.717363413s ago: executing program 5 (id=6210): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x20, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xed}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 1m33.579022229s ago: executing program 5 (id=6213): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1e000}) 1m21.776922446s ago: executing program 1 (id=6272): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c010000060a0b0400000000000000000200000038000480340001800900010068617368000000002400028008000740000000010800044000000000080002400000000e08000640000000070900010073797a30000000000900020073797a3200000000c60007"], 0x154}}, 0x0) 1m21.517618885s ago: executing program 6 (id=6276): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x40020, &(0x7f00000003c0)={[{}]}) 1m21.241048868s ago: executing program 6 (id=6279): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x8e, 0x180000504) 1m18.113747553s ago: executing program 35 (id=6213): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r1, 0x4068aea3, &(0x7f0000000100)={0xdf, 0x0, 0x1e000}) 1m16.947807161s ago: executing program 6 (id=6285): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000040)={0x54, r1, 0x1, 0xfffffffc, 0x0, {0x1e}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x0, 0x3e}, {0xc}, {0xc}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20040010}, 0x10) 1m16.638994949s ago: executing program 6 (id=6286): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) 1m16.271674436s ago: executing program 1 (id=6287): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000006c0)={r0, r1, 0x26, 0x0, @void}, 0x10) 1m14.499246248s ago: executing program 1 (id=6288): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000840)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000880}, 0x20000090) 1m14.268947357s ago: executing program 1 (id=6289): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x3}) 1m14.053523208s ago: executing program 1 (id=6290): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2) 1m13.566635071s ago: executing program 7 (id=6293): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x15, @remote, 'bond0\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x40047452, 0x0) 1m13.314024892s ago: executing program 7 (id=6295): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$FBIOGETCMAP(r0, 0x4604, &(0x7f0000000200)={0xcd, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m12.97433052s ago: executing program 7 (id=6296): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000005c0)=[{0x6}]}) socket$nl_route(0x10, 0x3, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f00000001c0)) 1m11.725671462s ago: executing program 7 (id=6297): connect$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x10) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000b40)={r1, @in={{0x2, 0x4e21, @empty}}, 0x0, 0xb92}, 0x90) 1m11.54911556s ago: executing program 1 (id=6299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x19, &(0x7f0000000180)={@broadcast, @local, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8864, 0x6, 0x0, 0x1}}, {@llc={0x8864, {@llc={0x80, 0x80, "1a"}}}}}, 0x0) 1m11.320675274s ago: executing program 7 (id=6301): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xe, 0x4, 0x4, 0xc}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x34}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 1m8.524695222s ago: executing program 6 (id=6303): mkdir(&(0x7f00000002c0)='./file0\x00', 0x181) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) llistxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)=""/18, 0x12) 1m8.307450229s ago: executing program 6 (id=6304): r0 = socket$inet_icmp(0x2, 0x2, 0x1) read(r0, &(0x7f0000000240)=""/146, 0x92) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000040)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x4800) 1m1.083256361s ago: executing program 7 (id=6306): io_setup(0xeb0, &(0x7f0000000140)=0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f0000001980)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_cancel(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) 56.03268158s ago: executing program 36 (id=6299): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040051}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x19, &(0x7f0000000180)={@broadcast, @local, @val={@val={0x88a8, 0x1, 0x0, 0x1}, {0x8864, 0x6, 0x0, 0x1}}, {@llc={0x8864, {@llc={0x80, 0x80, "1a"}}}}}, 0x0) 53.2130357s ago: executing program 37 (id=6304): r0 = socket$inet_icmp(0x2, 0x2, 0x1) read(r0, &(0x7f0000000240)=""/146, 0x92) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000040)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)='\b\x00\x00\x00(\x00\x00\x00', 0x8}], 0x1}}], 0x1, 0x4800) 45.5493639s ago: executing program 38 (id=6306): io_setup(0xeb0, &(0x7f0000000140)=0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r0, 0x1, &(0x7f0000001980)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) io_cancel(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) 39.782576301s ago: executing program 0 (id=6324): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x20) 39.427391525s ago: executing program 0 (id=6325): r0 = fsopen(&(0x7f0000000200)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0xefff) 28.285668529s ago: executing program 0 (id=6326): r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x12, 0x1, 0x0, "6906007722366ccee4ba568eb4f80102f5372f2c74f6024305f11fd3454ad23d"}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000)) 28.285470875s ago: executing program 0 (id=6327): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) unshare(0x2a060400) move_mount(r1, 0x0, r0, 0x0, 0x46) 15.386330572s ago: executing program 0 (id=6328): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f00000010c0)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@rdma_dest={0x18}, @rdma_dest={0x18, 0x114, 0x4}], 0x30}, 0x0) 15.170057185s ago: executing program 0 (id=6329): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="e8000000190001002dbd7000fbdbdf2502202000ff02ff020018000008000100ac1414aac100098026"], 0xe8}, 0x1, 0x0, 0x0, 0x44050}, 0x1000) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x4000, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 0s ago: executing program 39 (id=6329): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="e8000000190001002dbd7000fbdbdf2502202000ff02ff020018000008000100ac1414aac100098026"], 0xe8}, 0x1, 0x0, 0x0, 0x44050}, 0x1000) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x4000, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x20040040) kernel console output (not intermixed with test programs): 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.478246][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 425.478286][ T5928] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 425.478306][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.483637][ T5928] usb 4-1: config 0 descriptor?? [ 425.635217][ T5854] usb 2-1: USB disconnect, device number 41 [ 425.938453][ T5928] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0055/input/input35 [ 425.948005][ T5928] microsoft 0003:045E:07DA.0055: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 426.130553][ T5917] usb 4-1: USB disconnect, device number 40 [ 426.307878][T16686] netlink: 766 bytes leftover after parsing attributes in process `syz.2.5072'. [ 426.459598][T16692] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 426.459825][ T5928] kernel write not supported for file task/2210/attr/keycreate (pid: 5928 comm: kworker/0:6) [ 426.495482][ T31] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 426.599754][ T5843] Bluetooth: to_multiplier 53684 > 3200 [ 426.667803][ T31] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 426.667859][ T31] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 426.667879][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.710695][ T31] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 426.775548][ T5917] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 426.845816][T16706] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5079'. [ 426.849095][T16706] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5079'. [ 426.921510][T16710] tipc: Enabling of bearer rejected, failed to enable media [ 426.955489][ T5917] usb 3-1: Using ep0 maxpacket: 16 [ 426.963645][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.963673][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.963692][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 426.963729][ T5917] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 426.963748][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.031687][ T5917] usb 3-1: config 0 descriptor?? [ 427.455747][ T5917] microsoft 0003:045E:07DA.0056: unknown main item tag 0x1 [ 427.463487][ T5917] microsoft 0003:045E:07DA.0056: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 427.463516][ T5917] microsoft 0003:045E:07DA.0056: no inputs found [ 427.463528][ T5917] microsoft 0003:045E:07DA.0056: could not initialize ff, continuing anyway [ 427.635199][T16730] nbd: must specify a device to reconfigure [ 427.666970][ T5928] usb 3-1: USB disconnect, device number 47 [ 427.750352][ T31] stv0680 2-1:4.0: STV(e): camera ping failed!! [ 427.953022][ T31] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 427.953047][ T31] stv0680 2-1:4.0: last error: 0, command = 0x0 [ 427.985154][ T31] usb 2-1: USB disconnect, device number 42 [ 428.114645][T16739] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5095'. [ 428.114679][T16739] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5095'. [ 428.626948][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 428.850333][T16769] sg_write: data in/out 209152/4 bytes for SCSI command 0x89-- guessing data in; [ 428.850333][T16769] program syz.0.5109 not setting count and/or reply_len properly [ 429.293693][T16789] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5119'. [ 429.293746][T16789] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5119'. [ 429.610032][T16804] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5126'. [ 429.925563][ T5928] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 430.086263][ T5928] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 430.086291][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.086309][ T5928] usb 4-1: Product: syz [ 430.086321][ T5928] usb 4-1: Manufacturer: syz [ 430.086333][ T5928] usb 4-1: SerialNumber: syz [ 430.095527][ T5917] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 430.100348][ T5928] usb 4-1: config 0 descriptor?? [ 430.245564][ T5917] usb 3-1: Using ep0 maxpacket: 8 [ 430.248226][ T5917] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 430.248255][ T5917] usb 3-1: config 0 interface 0 has no altsetting 0 [ 430.248286][ T5917] usb 3-1: New USB device found, idVendor=20a0, idProduct=4287, bcdDevice= 0.00 [ 430.248308][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.281501][T16828] netlink: 240 bytes leftover after parsing attributes in process `syz.4.5136'. [ 430.310395][ T5917] usb 3-1: config 0 descriptor?? [ 430.387503][ T9] usb 4-1: USB disconnect, device number 41 [ 430.762047][ T5917] hid-u2fzero 0003:20A0:4287.0057: hidraw0: USB HID v0.03 Device [HID 20a0:4287] on usb-dummy_hcd.2-1/input0 [ 430.764749][ T5917] hid-u2fzero 0003:20A0:4287.0057: NitroKey U2F LED initialised [ 430.764861][ T5917] hid-u2fzero 0003:20A0:4287.0057: NitroKey U2F RNG initialised [ 430.933476][ T9] usb 3-1: USB disconnect, device number 48 [ 432.046422][T16876] netlink: 'syz.1.5159': attribute type 1 has an invalid length. [ 432.046442][T16876] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5159'. [ 432.125524][ T9] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 432.275688][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 432.278272][ T9] usb 3-1: config 0 has an invalid interface number: 66 but max is 0 [ 432.278295][ T9] usb 3-1: config 0 has no interface number 0 [ 432.281393][ T9] usb 3-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 432.281417][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.281435][ T9] usb 3-1: Product: syz [ 432.281447][ T9] usb 3-1: Manufacturer: syz [ 432.281459][ T9] usb 3-1: SerialNumber: syz [ 432.313987][ T9] usb 3-1: config 0 descriptor?? [ 432.319139][ T9] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 432.319191][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 432.398970][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 432.399712][ T9] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 432.399881][ T9] usb 3-1: media controller created [ 432.494793][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 432.525055][T16870] cxusb: i2c wr: len=85 is too big! [ 432.525055][T16870] [ 432.563576][ T9] cxusb: set interface failed [ 432.563596][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 432.663005][ T9] DVB: Unable to find symbol lgdt330x_attach() [ 432.663020][ T9] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 432.786478][ T9] rc_core: IR keymap rc-dvico-portable not found [ 432.786499][ T9] Registered IR keymap rc-empty [ 432.787959][ T9] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 432.794320][ T9] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input37 [ 432.801567][ T9] dvb-usb: schedule remote query interval to 100 msecs. [ 432.801587][ T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 432.809942][ T9] usb 3-1: USB disconnect, device number 49 [ 433.175070][ T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 433.880927][T16892] syz.3.5167 (16892): drop_caches: 2 [ 434.145613][ T5843] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 435.411737][T16986] tmpfs: Cannot disable swap on remount [ 435.865517][ T5854] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 436.019148][ T5854] usb 3-1: Using ep0 maxpacket: 32 [ 436.021612][ T5854] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.021639][ T5854] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.021675][ T5854] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 436.021694][ T5854] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.057513][ T5854] usb 3-1: config 0 descriptor?? [ 436.123577][T17019] : entered promiscuous mode [ 436.538664][ T5854] koneplus 0003:1E7D:2D51.0058: item fetching failed at offset 1/5 [ 436.539486][ T5854] koneplus 0003:1E7D:2D51.0058: parse failed [ 436.539552][ T5854] koneplus 0003:1E7D:2D51.0058: probe with driver koneplus failed with error -22 [ 436.675618][ T31] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 436.746859][ T5854] usb 3-1: USB disconnect, device number 50 [ 436.830288][ T31] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 436.830314][ T31] usb 2-1: config 0 has no interface number 0 [ 436.830359][ T31] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 436.830379][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.873264][ T31] usb 2-1: config 0 descriptor?? [ 436.886166][ T31] usb 2-1: selecting invalid altsetting 1 [ 436.886337][ T31] dvb_ttusb_budget: ttusb_init_controller: error [ 436.886351][ T31] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 436.977370][ T31] DVB: Unable to find symbol cx22700_attach() [ 437.056435][T17047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5241'. [ 437.097318][ T31] DVB: Unable to find symbol tda10046_attach() [ 437.097331][ T31] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 437.120177][ T31] usb 2-1: USB disconnect, device number 43 [ 437.836119][T17073] mkiss: ax0: crc mode is auto. [ 437.925480][ T31] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 438.075476][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 438.078278][ T31] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 438.078310][ T31] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 438.078334][ T31] usb 5-1: config 0 interface 0 has no altsetting 0 [ 438.078367][ T31] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 438.078387][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.083853][ T31] usb 5-1: config 0 descriptor?? [ 438.416085][T17095] tmpfs: Cannot change global quota limit on remount [ 438.510082][ T31] hid (null): unknown global tag 0xc [ 438.510103][ T31] hid (null): global environment stack underflow [ 438.536510][ T31] corsair-cpro 0003:1B1C:0C10.0059: unknown global tag 0xc [ 438.536533][ T31] corsair-cpro 0003:1B1C:0C10.0059: item 0 1 1 12 parsing failed [ 438.537441][ T31] corsair-cpro 0003:1B1C:0C10.0059: probe with driver corsair-cpro failed with error -22 [ 438.705777][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 438.746493][ T5854] usb 5-1: USB disconnect, device number 49 [ 438.895214][T17113] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5272'. [ 438.982440][ T6049] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 439.125488][ T6049] usb 4-1: Using ep0 maxpacket: 16 [ 439.128388][ T6049] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.128417][ T6049] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.128438][ T6049] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 439.128477][ T6049] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 439.128497][ T6049] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.196302][ T6049] usb 4-1: config 0 descriptor?? [ 439.515541][ T5854] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 439.616511][ T6049] microsoft 0003:045E:07DA.005A: ignoring exceeding usage max [ 439.618103][ T6049] microsoft 0003:045E:07DA.005A: unbalanced collection at end of report description [ 439.618949][ T6049] microsoft 0003:045E:07DA.005A: parse failed [ 439.619045][ T6049] microsoft 0003:045E:07DA.005A: probe with driver microsoft failed with error -22 [ 439.674065][ T5854] usb 2-1: unable to get BOS descriptor or descriptor too short [ 439.675187][ T5854] usb 2-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 439.696840][ T5854] usb 2-1: string descriptor 0 read error: -22 [ 439.696971][ T5854] usb 2-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 439.696984][ T5854] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.785541][ T1208] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 439.823449][ T5906] usb 4-1: USB disconnect, device number 42 [ 439.886905][ T5854] usb 2-1: reset high-speed USB device number 44 using dummy_hcd [ 439.905882][ T9] usb 5-1: new full-speed USB device number 50 using dummy_hcd [ 439.938001][ T1208] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.938029][ T1208] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.938049][ T1208] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 439.938086][ T1208] usb 3-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00 [ 439.938105][ T1208] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.948205][ T1208] usb 3-1: config 0 descriptor?? [ 440.076100][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.076287][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.094342][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 440.094374][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 440.094477][ T9] usb 5-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 440.094497][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.111373][ T9] usb 5-1: config 0 descriptor?? [ 440.112659][T17141] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 440.398592][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.398632][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.398658][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.399271][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.399302][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.399324][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.399348][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.400297][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.400385][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.400412][ T1208] elecom 0003:056E:010C.005B: unknown main item tag 0x0 [ 440.418673][ T1208] elecom 0003:056E:010C.005B: hidraw0: USB HID v0.00 Device [HID 056e:010c] on usb-dummy_hcd.2-1/input0 [ 440.586117][ T6049] usb 3-1: USB disconnect, device number 51 [ 440.642071][ T5854] usb 2-1: device descriptor read/64, error -71 [ 440.762965][ T9] usb 5-1: string descriptor 0 read error: -71 [ 440.763639][ T9] uclogic 0003:5543:0047.005C: failed retrieving string descriptor #200: -71 [ 440.763693][ T9] uclogic 0003:5543:0047.005C: failed retrieving pen parameters: -71 [ 440.763708][ T9] uclogic 0003:5543:0047.005C: failed probing pen v2 parameters: -71 [ 440.763758][ T9] uclogic 0003:5543:0047.005C: failed probing parameters: -71 [ 440.763863][ T9] uclogic 0003:5543:0047.005C: probe with driver uclogic failed with error -71 [ 440.779465][ T9] usb 5-1: USB disconnect, device number 50 [ 440.785593][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 440.885667][ T5854] usb 2-1: reset high-speed USB device number 44 using dummy_hcd [ 441.076333][ T5854] usb 2-1: unable to get BOS descriptor or descriptor too short [ 441.098388][ T5854] usb 2-1: device firmware changed [ 441.175699][ T5854] usb 2-1: USB disconnect, device number 44 [ 441.465515][T17188] tipc: Enabling of bearer rejected, failed to enable media [ 441.720286][ T31] kernel write not supported for file /amidi2 (pid: 31 comm: kworker/1:0) [ 442.266583][ T31] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 442.417447][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.417492][ T31] usb 2-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 442.417514][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.422810][ T31] usb 2-1: config 0 descriptor?? [ 442.865597][ T31] logitech 0003:046D:C50C.005D: unbalanced delimiter at end of report description [ 442.866510][ T31] logitech 0003:046D:C50C.005D: parse failed [ 442.866616][ T31] logitech 0003:046D:C50C.005D: probe with driver logitech failed with error -22 [ 442.907535][T17243] netlink: 'syz.2.5332': attribute type 30 has an invalid length. [ 443.076195][ T9] usb 2-1: USB disconnect, device number 45 [ 443.216455][T17254] x_tables: ip_tables: limit.0 match: invalid size 40 (kernel) != (user) 48 [ 443.715594][ T9] usb 5-1: new full-speed USB device number 51 using dummy_hcd [ 443.749122][ T37] audit: type=1326 audit(1756964781.762:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.752298][ T37] audit: type=1326 audit(1756964781.762:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.752606][ T37] audit: type=1326 audit(1756964781.762:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.752985][ T37] audit: type=1326 audit(1756964781.762:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.753231][ T37] audit: type=1326 audit(1756964781.762:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.753707][ T37] audit: type=1326 audit(1756964781.762:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=91 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.754064][ T37] audit: type=1326 audit(1756964781.762:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.754302][ T37] audit: type=1326 audit(1756964781.762:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17269 comm="syz.1.5345" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e8a49ebe9 code=0x7ffc0000 [ 443.883722][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 443.883763][ T9] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 443.883790][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.895249][ T9] usb 5-1: config 0 descriptor?? [ 444.048727][T17276] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 444.048727][T17276] The task syz.1.5348 (17276) triggered the difference, watch for misbehavior. [ 444.360994][ T9] kye 0003:0458:5013.005E: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 444.373545][ T9] kye 0003:0458:5013.005E: hidraw0: USB HID v0.06 Device [HID 0458:5013] on usb-dummy_hcd.4-1/input0 [ 444.373578][ T9] kye 0003:0458:5013.005E: tablet-enabling feature report not found [ 444.373591][ T9] kye 0003:0458:5013.005E: tablet enabling failed [ 444.565939][ T9] usb 5-1: USB disconnect, device number 51 [ 446.480851][T17354] netlink: 'syz.1.5386': attribute type 1 has an invalid length. [ 446.640209][T17359] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 447.451207][T17372] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5393'. [ 448.715447][ T6049] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 448.832607][T17258] syz.0.5339 (17258): drop_caches: 1 [ 448.866838][ T6049] usb 5-1: Using ep0 maxpacket: 8 [ 448.869696][ T6049] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 448.869740][ T6049] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 448.869761][ T6049] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.917522][ T6049] usb 5-1: config 0 descriptor?? [ 448.925530][ T31] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 449.098331][ T31] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 449.098364][ T31] usb 2-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid wMaxPacketSize 0 [ 449.098385][ T31] usb 2-1: config 0 interface 0 has no altsetting 0 [ 449.098471][ T31] usb 2-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 449.098493][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.163001][ T31] usb 2-1: config 0 descriptor?? [ 449.411399][ T6049] corsair 0003:1B1C:1B09.005F: unbalanced delimiter at end of report description [ 449.412712][ T6049] corsair 0003:1B1C:1B09.005F: parse failed [ 449.412870][ T6049] corsair 0003:1B1C:1B09.005F: probe with driver corsair failed with error -22 [ 449.592710][ T5854] usb 5-1: USB disconnect, device number 52 [ 449.648055][ T31] uclogic 0003:5543:0064.0060: item fetching failed at offset 5/7 [ 449.648884][ T31] uclogic 0003:5543:0064.0060: parse failed [ 449.648986][ T31] uclogic 0003:5543:0064.0060: probe with driver uclogic failed with error -22 [ 449.678879][T17422] binder: 17421:17422 ioctl c0306201 0 returned -14 [ 449.735297][T17424] netlink: 'syz.3.5420': attribute type 1 has an invalid length. [ 449.735500][T17424] netlink: 208 bytes leftover after parsing attributes in process `syz.3.5420'. [ 449.735517][T17424] netlink: 'syz.3.5420': attribute type 1 has an invalid length. [ 449.735530][T17424] netlink: 'syz.3.5420': attribute type 2 has an invalid length. [ 449.830918][ T31] usb 2-1: USB disconnect, device number 46 [ 450.615587][T17448] program syz.1.5431 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 450.665480][ T5854] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 450.815515][ T5854] usb 4-1: Using ep0 maxpacket: 32 [ 450.818010][ T5854] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.818037][ T5854] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.818174][ T5854] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 450.818195][ T5854] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.829721][ T5854] usb 4-1: config 0 descriptor?? [ 450.905558][ T31] usb 5-1: new full-speed USB device number 53 using dummy_hcd [ 451.058431][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 451.058462][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 451.058485][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 451.058528][ T31] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00 [ 451.058548][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.063600][ T31] usb 5-1: config 0 descriptor?? [ 451.064528][T17450] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 451.261617][ T5854] hid_parser_main: 28 callbacks suppressed [ 451.261639][ T5854] kone 0003:1E7D:2CED.0061: unknown main item tag 0x0 [ 451.261672][ T5854] kone 0003:1E7D:2CED.0061: unknown main item tag 0x0 [ 451.261697][ T5854] kone 0003:1E7D:2CED.0061: unknown main item tag 0x0 [ 451.261722][ T5854] kone 0003:1E7D:2CED.0061: unknown main item tag 0x0 [ 451.261747][ T5854] kone 0003:1E7D:2CED.0061: unknown main item tag 0x0 [ 451.295864][ T5854] kone 0003:1E7D:2CED.0061: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.3-1/input0 [ 451.462964][ T5854] kone 0003:1E7D:2CED.0061: couldn't init struct kone_device [ 451.463030][ T5854] kone 0003:1E7D:2CED.0061: couldn't install mouse [ 451.466698][ T5854] kone 0003:1E7D:2CED.0061: probe with driver kone failed with error -5 [ 451.482413][ T5854] usb 4-1: USB disconnect, device number 43 [ 451.506797][ T31] aureal 0003:0755:2626.0062: unknown main item tag 0x0 [ 451.506831][ T31] aureal 0003:0755:2626.0062: unknown main item tag 0x0 [ 451.506858][ T31] aureal 0003:0755:2626.0062: unknown main item tag 0x0 [ 451.506883][ T31] aureal 0003:0755:2626.0062: unknown main item tag 0x0 [ 451.506908][ T31] aureal 0003:0755:2626.0062: unknown main item tag 0x0 [ 451.512994][ T31] aureal 0003:0755:2626.0062: hidraw0: USB HID v0.00 Device [HID 0755:2626] on usb-dummy_hcd.4-1/input0 [ 451.697261][ T5854] usb 5-1: USB disconnect, device number 53 [ 453.055518][T17162] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 453.206664][T17162] usb 4-1: Using ep0 maxpacket: 32 [ 453.209240][T17162] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 453.209262][T17162] usb 4-1: config 0 has no interface number 0 [ 453.213913][T17162] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 453.213938][T17162] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.213955][T17162] usb 4-1: Product: syz [ 453.213967][T17162] usb 4-1: Manufacturer: syz [ 453.213980][T17162] usb 4-1: SerialNumber: syz [ 453.230766][T17162] usb 4-1: config 0 descriptor?? [ 453.250000][T17162] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 453.250025][T17162] usb 4-1: selecting invalid altsetting 1 [ 453.250040][T17162] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 453.267397][T17162] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 453.267782][T17162] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 453.267831][T17162] usb 4-1: media controller created [ 453.412714][ T5843] Bluetooth: latency 3388 > 499 [ 453.414564][T17162] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 453.486090][T17162] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 453.486145][T17162] zl10353_read_register: readreg error (reg=127, ret==-71) [ 453.486604][T17162] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 453.634828][T17162] usb 4-1: USB disconnect, device number 44 [ 454.360474][T17528] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 455.296295][T17560] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 455.296470][T17560] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 455.428929][ T5843] Bluetooth: hci1: command 0x0406 tx timeout [ 455.934903][T17575] netlink: 48 bytes leftover after parsing attributes in process `syz.4.5492'. [ 456.315828][T17584] netlink: 'syz.3.5496': attribute type 18 has an invalid length. [ 456.321421][T17587] netlink: 'syz.1.5497': attribute type 12 has an invalid length. [ 456.321441][T17587] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.5497'. [ 456.371936][ T13] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.372010][ T13] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.372053][ T13] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.372078][ T13] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 456.755765][ T6049] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 456.935494][ T6049] usb 5-1: Using ep0 maxpacket: 8 [ 456.937993][ T6049] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 456.941057][ T6049] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 456.941081][ T6049] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.941098][ T6049] usb 5-1: Product: syz [ 456.941110][ T6049] usb 5-1: Manufacturer: syz [ 456.941121][ T6049] usb 5-1: SerialNumber: syz [ 456.991649][ T6049] usb 5-1: config 0 descriptor?? [ 457.006834][ T6049] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 457.006897][ T6049] usb 5-1: setting power ON [ 457.006921][ T6049] dvb-usb: bulk message failed: -22 (2/0) [ 457.034664][ T6049] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 457.044978][ T6049] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 457.045035][ T6049] usb 5-1: media controller created [ 457.087194][ T6049] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 457.114566][ T6049] usb 5-1: selecting invalid altsetting 6 [ 457.114586][ T6049] usb 5-1: digital interface selection failed (-22) [ 457.114600][ T6049] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 457.136869][ T6049] usb 5-1: setting power OFF [ 457.136891][ T6049] dvb-usb: bulk message failed: -22 (2/0) [ 457.136907][ T6049] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 457.136919][ T6049] (NULL device *): no alternate interface [ 457.213985][T17589] dvb-usb: bulk message failed: -22 (3/0) [ 457.214009][T17589] dvb-usb: bulk message failed: -22 (3/0) [ 457.235824][ T6049] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 457.239522][ T6049] usb 5-1: USB disconnect, device number 54 [ 457.382150][T17599] netlink: 'syz.1.5503': attribute type 1 has an invalid length. [ 458.498517][ T31] kernel write not supported for file /stat (pid: 31 comm: kworker/1:0) [ 460.473806][T14166] syz_tun (unregistering): left allmulticast mode [ 460.473836][T14166] syz_tun (unregistering): left promiscuous mode [ 460.473955][T14166] bridge0: port 3(syz_tun) entered disabled state [ 460.583653][T17703] netlink: 372 bytes leftover after parsing attributes in process `syz.1.5554'. [ 461.176372][ T3519] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.471481][ T3519] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.675497][T17162] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 461.789984][ T3519] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 461.830453][T17162] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 461.830481][T17162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.839508][T17162] usb 2-1: config 0 descriptor?? [ 461.855221][T17162] cp210x 2-1:0.0: cp210x converter detected [ 462.129763][ T3519] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 462.248668][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 462.263444][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 462.266320][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 462.273997][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 462.276119][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 462.285677][ T6049] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 462.301109][T17162] usb 2-1: cp210x converter now attached to ttyUSB0 [ 462.435498][ T6049] usb 5-1: Using ep0 maxpacket: 32 [ 462.437909][ T6049] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 462.437933][ T6049] usb 5-1: config 0 has no interface number 0 [ 462.438000][ T6049] usb 5-1: config 0 interface 2 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.438024][ T6049] usb 5-1: config 0 interface 2 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.438042][ T6049] usb 5-1: config 0 interface 2 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 462.438067][ T6049] usb 5-1: config 0 interface 2 has no altsetting 0 [ 462.438097][ T6049] usb 5-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 462.438117][ T6049] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.443608][ T6049] usb 5-1: config 0 descriptor?? [ 462.542313][ T31] usb 2-1: USB disconnect, device number 47 [ 462.579515][ T31] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 462.647410][T17723] lo speed is unknown, defaulting to 1000 [ 462.653843][T17723] lo speed is unknown, defaulting to 1000 [ 462.696052][ T31] cp210x 2-1:0.0: device disconnected [ 462.900897][ T6049] hid_parser_main: 64 callbacks suppressed [ 462.900919][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.900951][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.900976][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.901002][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.901028][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.901052][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.901078][ T6049] uclogic 0003:5543:0781.0063: unknown main item tag 0x0 [ 462.976464][ T6049] uclogic 0003:5543:0781.0063: hidraw0: USB HID v0.07 Device [HID 5543:0781] on usb-dummy_hcd.4-1/input2 [ 463.024931][ T3519] bridge_slave_1: left allmulticast mode [ 463.030571][ T3519] bridge_slave_1: left promiscuous mode [ 463.033798][ T3519] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.096422][ T31] usb 5-1: USB disconnect, device number 55 [ 463.130620][ T3519] bridge_slave_0: left allmulticast mode [ 463.130651][ T3519] bridge_slave_0: left promiscuous mode [ 463.130932][ T3519] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.236820][T17729] netlink: 'syz.1.5567': attribute type 21 has an invalid length. [ 464.105275][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 464.124649][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 464.135993][T17743] netlink: 1 bytes leftover after parsing attributes in process `syz.0.5573'. [ 464.165017][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 464.178515][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 464.179344][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 464.385637][ T5843] Bluetooth: hci4: command tx timeout [ 465.125591][ T31] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 465.304630][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 465.312137][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.312164][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.312176][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 465.312199][ T31] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 465.312210][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.367897][ T31] usb 5-1: config 0 descriptor?? [ 465.810424][ T31] hid-multitouch 0003:0457:07DA.0064: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.4-1/input0 [ 465.886098][ T3519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 465.969601][ T3519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.011747][ T31] usb 5-1: USB disconnect, device number 56 [ 466.033773][ T3519] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 466.139155][ T3519] bond0 (unregistering): Released all slaves [ 466.305876][ T5843] Bluetooth: hci0: command tx timeout [ 466.443856][T17766] [U]  [ 466.443883][T17766] [U] K{ [ 466.444144][T17766] [U] T 1ŠFFˊ`GJǘGO/MC [ 466.463512][T17766] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 466.464215][T17766] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 466.470553][ T5843] Bluetooth: hci4: command tx timeout [ 466.505741][T17766] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 466.512278][T17766] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 466.513316][T17766] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 466.514430][T17766] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 466.517242][T17766] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 466.530162][T17766] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 466.531600][T17766] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 466.531783][T17766] [U] 22Ʃ۩X?0;3U [ 466.534413][T17766] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 466.535186][T17766] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 466.536886][T17766] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 466.537301][T17766] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 466.538632][T17766] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 466.538691][T17766] [U] EC [ 466.540002][T17766] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 466.557432][T17765] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 466.910092][T17774] ubi31: attaching mtd0 [ 466.910120][T17774] ubi31 error: ubi_attach_mtd_dev: bad VID header (536940548) or data offsets (536940612) [ 467.011113][ T3519] IPVS: stopping backup sync thread 8810 ... [ 467.418337][T17741] lo speed is unknown, defaulting to 1000 [ 467.516087][T17741] lo speed is unknown, defaulting to 1000 [ 468.255528][ T3519] hsr_slave_0: left promiscuous mode [ 468.295762][ T3519] hsr_slave_1: left promiscuous mode [ 468.296948][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 468.338490][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.385769][ T5843] Bluetooth: hci0: command tx timeout [ 468.545807][ T5843] Bluetooth: hci4: command tx timeout [ 468.979146][ C1] vkms_vblank_simulate: vblank timer overrun [ 470.465622][ T5843] Bluetooth: hci0: command tx timeout [ 470.628368][ T5843] Bluetooth: hci4: command tx timeout [ 470.705688][T17162] usb 5-1: new full-speed USB device number 57 using dummy_hcd [ 470.746347][ T3519] team0 (unregistering): Port device team_slave_1 removed [ 470.857909][T17162] usb 5-1: too many endpoints for config 0 interface 0 altsetting 185: 33, using maximum allowed: 30 [ 470.857958][T17162] usb 5-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.857978][T17162] usb 5-1: config 0 interface 0 altsetting 185 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 470.858003][T17162] usb 5-1: config 0 interface 0 has no altsetting 0 [ 470.858041][T17162] usb 5-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 470.858062][T17162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.862434][T17162] usb 5-1: config 0 descriptor?? [ 471.041230][ T3519] team0 (unregistering): Port device team_slave_0 removed [ 471.213055][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.293600][T17162] nzxt-kraken2 0003:1E71:170E.0065: unknown main item tag 0x0 [ 471.293629][T17162] nzxt-kraken2 0003:1E71:170E.0065: unknown main item tag 0x0 [ 471.293645][T17162] nzxt-kraken2 0003:1E71:170E.0065: unknown main item tag 0x0 [ 471.293660][T17162] nzxt-kraken2 0003:1E71:170E.0065: unknown main item tag 0x0 [ 471.293675][T17162] nzxt-kraken2 0003:1E71:170E.0065: unknown main item tag 0x0 [ 471.305841][T17162] nzxt-kraken2 0003:1E71:170E.0065: hidraw0: USB HID v8.00 Device [HID 1e71:170e] on usb-dummy_hcd.4-1/input0 [ 471.498877][ T978] usb 5-1: USB disconnect, device number 57 [ 472.545977][ T5843] Bluetooth: hci0: command tx timeout [ 473.464514][T17825] ip6tnl2: entered allmulticast mode [ 473.767372][T17723] chnl_net:caif_netlink_parms(): no params data found [ 473.800975][T17847] team_slave_0: entered promiscuous mode [ 473.803019][T17847] team_slave_1: entered promiscuous mode [ 474.142716][T17860] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5626'. [ 474.268714][T17868] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5629'. [ 474.719112][T17723] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.719240][T17723] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.719430][T17723] bridge_slave_0: entered allmulticast mode [ 474.722289][T17723] bridge_slave_0: entered promiscuous mode [ 474.780169][T17723] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.780360][T17723] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.780580][T17723] bridge_slave_1: entered allmulticast mode [ 474.783306][T17723] bridge_slave_1: entered promiscuous mode [ 474.838444][T17741] chnl_net:caif_netlink_parms(): no params data found [ 475.014134][ T37] audit: type=1326 audit(1756964813.012:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17888 comm="syz.1.5639" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e8a49ebe9 code=0x0 [ 475.279228][T17894] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5641'. [ 475.279247][T17894] tipc: Invalid UDP bearer configuration [ 475.279275][T17894] tipc: Enabling of bearer rejected, failed to enable media [ 475.286918][T17723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 475.426327][T17723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 475.540829][T17903] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5645'. [ 475.778110][T17723] team0: Port device team_slave_0 added [ 475.859206][T17723] team0: Port device team_slave_1 added [ 475.955702][ T6049] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 476.094472][T17741] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.094731][T17741] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.094932][T17741] bridge_slave_0: entered allmulticast mode [ 476.122536][ T6049] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.122562][ T6049] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 476.122603][ T6049] usb 5-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 476.122622][ T6049] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.140658][T17741] bridge_slave_0: entered promiscuous mode [ 476.187784][ T6049] usb 5-1: config 0 descriptor?? [ 476.455050][T17741] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.457404][T17741] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.472368][T17741] bridge_slave_1: entered allmulticast mode [ 476.485968][T17741] bridge_slave_1: entered promiscuous mode [ 476.601925][ T6049] logitech 0003:046D:C29C.0066: unknown main item tag 0x0 [ 476.601965][ T6049] logitech 0003:046D:C29C.0066: unknown main item tag 0x0 [ 476.620230][ T6049] logitech 0003:046D:C29C.0066: hidraw0: USB HID v10.00 Device [HID 046d:c29c] on usb-dummy_hcd.4-1/input0 [ 476.796130][ T6049] logitech 0003:046D:C29C.0066: no inputs found [ 476.805240][ T6049] usb 5-1: USB disconnect, device number 58 [ 476.854243][T17723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.854258][T17723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.854283][T17723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.955793][T17927] sp0: Synchronizing with TNC [ 476.959963][T17723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.959982][T17723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.960007][T17723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.231882][ T3519] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.372601][T17741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.468003][T17741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 477.740003][ T3519] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.474581][ T3519] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.562927][T17723] hsr_slave_0: entered promiscuous mode [ 478.564589][T17723] hsr_slave_1: entered promiscuous mode [ 478.566301][T17723] debugfs: 'hsr0' already exists in 'hsr' [ 478.566326][T17723] Cannot create hsr debugfs directory [ 478.575296][T17741] team0: Port device team_slave_0 added [ 478.690540][T17741] team0: Port device team_slave_1 added [ 478.795576][ T1208] hid-generic 0001:0009:0001.0067: item fetching failed at offset 0/4 [ 478.796312][ T1208] hid-generic 0001:0009:0001.0067: probe with driver hid-generic failed with error -22 [ 479.131840][ T3519] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.345839][T17162] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 479.473483][T17741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.473499][T17741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.473521][T17741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.488378][T17741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.488395][T17741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.488419][T17741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.518794][T17162] usb 2-1: config 0 interface 0 altsetting 237 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 479.518826][T17162] usb 2-1: config 0 interface 0 altsetting 237 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.518846][T17162] usb 2-1: config 0 interface 0 has no altsetting 0 [ 479.518876][T17162] usb 2-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 479.518895][T17162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.544060][T17162] usb 2-1: config 0 descriptor?? [ 480.008350][T17162] sony 0003:054C:024B.0068: unbalanced delimiter at end of report description [ 480.009211][T17162] sony 0003:054C:024B.0068: parse failed [ 480.009316][T17162] sony 0003:054C:024B.0068: probe with driver sony failed with error -22 [ 480.180812][T17995] sp0: Synchronizing with TNC [ 480.184212][T17994] [U] ` [ 480.191606][T17741] hsr_slave_0: entered promiscuous mode [ 480.193899][T17741] hsr_slave_1: entered promiscuous mode [ 480.194978][T17741] debugfs: 'hsr0' already exists in 'hsr' [ 480.195002][T17741] Cannot create hsr debugfs directory [ 480.230331][T12987] usb 2-1: USB disconnect, device number 48 [ 481.075561][ T3519] bridge_slave_1: left allmulticast mode [ 481.092067][ T3519] bridge_slave_1: left promiscuous mode [ 481.092928][ T3519] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.174924][ T3519] bridge_slave_0: left allmulticast mode [ 481.174956][ T3519] bridge_slave_0: left promiscuous mode [ 481.175236][ T3519] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.185857][T17162] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 482.358291][T17162] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 482.358317][T17162] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 482.359926][T17162] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 482.359949][T17162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 482.359967][T17162] usb 5-1: SerialNumber: syz [ 482.604716][T17162] usb 5-1: 0:2 : does not exist [ 482.629691][T17162] usb 5-1: USB disconnect, device number 59 [ 483.927464][ T3519] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 484.049447][ T3519] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 484.100054][ T3519] bond0 (unregistering): Released all slaves [ 484.209237][T18064] sp0: Synchronizing with TNC [ 485.350845][T17723] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 485.443656][T17723] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 485.491152][T18097] tipc: Bearer : already 2 bearers with priority 0 [ 485.491170][T18097] tipc: Enabling of bearer rejected, cannot adjust to lower [ 485.987543][T17723] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 486.192139][T17723] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 486.515641][ T3519] hsr_slave_0: left promiscuous mode [ 486.535717][ T3519] hsr_slave_1: left promiscuous mode [ 486.536920][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 486.537125][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.602314][ T3519] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 486.602350][ T3519] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 486.704339][ T3519] veth1_macvtap: left promiscuous mode [ 486.704475][ T3519] veth0_macvtap: left promiscuous mode [ 486.704717][ T3519] veth1_vlan: left promiscuous mode [ 486.704833][ T3519] veth0_vlan: left promiscuous mode [ 487.167997][ T3519] pimreg3 (unregistering): left allmulticast mode [ 488.996307][ T3519] team0 (unregistering): Port device team_slave_1 removed [ 489.228844][ T3519] team0 (unregistering): Port device team_slave_0 removed [ 491.730613][ T5927] lo speed is unknown, defaulting to 1000 [ 491.730642][ T5927] infiniband syz2: ib_query_port failed (-19) [ 491.816662][T17741] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 491.850980][T18144] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5754'. [ 491.890532][T17741] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 492.063588][T17741] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 492.166292][T17741] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 492.762532][T17723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.870459][T17723] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.912636][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.913499][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.027801][ T1110] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.034241][ T1110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 493.254971][ T5843] Bluetooth: hci3: unexpected event for opcode 0x2042 [ 493.289716][T17741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 493.338947][ T3519] IPVS: stop unused estimator thread 0... [ 493.461231][T17741] 8021q: adding VLAN 0 to HW filter on device team0 [ 493.533290][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.535542][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.584199][ T1397] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.585517][ T1397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 494.469689][T17723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 494.562906][T17741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 495.492630][T17723] veth0_vlan: entered promiscuous mode [ 495.788685][T17723] veth1_vlan: entered promiscuous mode [ 495.938951][T18269] pimreg: entered allmulticast mode [ 495.945050][T17741] veth0_vlan: entered promiscuous mode [ 496.094128][T17741] veth1_vlan: entered promiscuous mode [ 496.147249][T17723] veth0_macvtap: entered promiscuous mode [ 496.173263][T17723] veth1_macvtap: entered promiscuous mode [ 496.348788][T17723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 496.367524][T17741] veth0_macvtap: entered promiscuous mode [ 496.417522][T17723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 496.452335][T17741] veth1_macvtap: entered promiscuous mode [ 496.525740][ T3519] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.537407][ T3519] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.550273][ T3519] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.574130][ T3519] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.578767][T18287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5788'. [ 496.597298][T18287] sit0: Master is either lo or non-ether device [ 496.745125][T17741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 496.911322][T17741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 497.125907][ T1397] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.126168][ T1397] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.126206][ T1397] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.126238][ T1397] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 497.228093][T18301] tmpfs: Cannot retroactively limit inodes [ 497.265502][ T5843] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 497.265878][ T5843] Bluetooth: hci3: Injecting HCI hardware error event [ 497.270118][ T5843] Bluetooth: hci3: hardware error 0x00 [ 497.399496][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.399515][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.805497][T17162] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 497.878819][ T3519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 497.878838][ T3519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 497.967839][T17162] usb 2-1: config 0 interface 0 has no altsetting 0 [ 497.967878][T17162] usb 2-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 497.967899][T17162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.995120][T17162] usb 2-1: config 0 descriptor?? [ 498.138813][ T1518] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.138831][ T1518] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.297220][T18320] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 498.297340][T18320] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 498.297389][T18320] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 498.297567][T18320] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 498.297673][T18320] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 498.476245][ T1397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 498.476263][ T1397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 498.599239][T17162] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0069/input/input38 [ 498.753688][T17162] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0069/input/input39 [ 498.887078][T17162] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0069/input/input40 [ 498.917934][T17162] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0069/input/input41 [ 498.982244][T17162] hid-udraw 0003:20D6:CB17.0069: hidraw0: USB HID v8.80 Device [HID 20d6:cb17] on usb-dummy_hcd.1-1/input0 [ 498.999012][T17162] usb 2-1: USB disconnect, device number 49 [ 499.325637][ T5854] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 499.475502][ T5854] usb 7-1: Using ep0 maxpacket: 32 [ 499.478828][ T5854] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 499.478854][ T5854] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.497439][ T5854] usb 7-1: config 0 descriptor?? [ 499.506072][ T5843] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 499.524792][ T5854] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 500.153034][ T5854] gspca_nw80x: reg_w err -71 [ 500.153125][ T5854] nw80x 7-1:0.0: probe with driver nw80x failed with error -71 [ 500.202415][ T5854] usb 7-1: USB disconnect, device number 2 [ 500.239123][T18355] nbd: must specify a size in bytes for the device [ 501.514669][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.514747][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.887753][T18403] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5823'. [ 502.365874][T18419] program syz.6.5829 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 503.026937][T18436] bridge0: Device is already in use. [ 503.606875][T18454] mkiss: ax0: crc mode is auto. [ 503.690293][T18462] ALSA: mixer_oss: invalid OSS volume '"gL' [ 503.906017][T17162] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 504.032416][T18470] netlink: 348 bytes leftover after parsing attributes in process `syz.1.5852'. [ 504.060343][T17162] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.060374][T17162] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 504.060411][T17162] usb 6-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 504.060431][T17162] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.077794][T17162] usb 6-1: config 0 descriptor?? [ 504.499290][T17162] hid_mf 0003:0079:1846.006A: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.5-1/input0 [ 504.499320][T17162] hid_mf 0003:0079:1846.006A: Force feedback for HJZ Mayflash game controller adapters by Marcel Hasler [ 504.694923][T17162] usb 6-1: USB disconnect, device number 2 [ 505.765528][ T5917] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 505.915919][ T5917] usb 7-1: Using ep0 maxpacket: 32 [ 505.918212][ T5917] usb 7-1: config 0 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 505.918240][ T5917] usb 7-1: config 0 interface 0 has no altsetting 0 [ 505.918271][ T5917] usb 7-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 505.918288][ T5917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.990845][ T5917] usb 7-1: config 0 descriptor?? [ 506.418295][ T5917] logitech 0003:046D:C626.006B: item fetching failed at offset 5/7 [ 506.419110][ T5917] logitech 0003:046D:C626.006B: parse failed [ 506.419207][ T5917] logitech 0003:046D:C626.006B: probe with driver logitech failed with error -22 [ 506.525647][ T5854] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 506.620546][ T9] usb 7-1: USB disconnect, device number 3 [ 506.680279][ T5854] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 506.680307][ T5854] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 506.680346][ T5854] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 506.680367][ T5854] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.726046][ T5854] usb 6-1: config 0 descriptor?? [ 507.156445][ T5854] kye 0003:0458:5011.006C: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 507.164360][ T5854] kye 0003:0458:5011.006C: hidraw0: USB HID vff.fe Device [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 507.164389][ T5854] kye 0003:0458:5011.006C: tablet-enabling feature report not found [ 507.164403][ T5854] kye 0003:0458:5011.006C: tablet enabling failed [ 507.371530][ T9] usb 6-1: USB disconnect, device number 3 [ 508.297922][T17162] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 508.435587][ T5854] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 508.453441][T17162] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 508.453488][T17162] usb 6-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 508.453509][T17162] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.476233][T17162] usb 6-1: config 0 descriptor?? [ 508.597776][ T5854] usb 2-1: Using ep0 maxpacket: 16 [ 508.600818][ T5854] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 508.600846][ T5854] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 508.600941][ T5854] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 508.600961][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.641093][ T5854] usb 2-1: config 0 descriptor?? [ 508.927799][T18576] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5902'. [ 508.954836][T17162] zydacron 0003:13EC:0006.006D: item fetching failed at offset 4/5 [ 508.959441][T17162] zydacron 0003:13EC:0006.006D: parse failed [ 508.959917][T17162] zydacron 0003:13EC:0006.006D: probe with driver zydacron failed with error -22 [ 509.061775][ T5854] savu 0003:1E7D:2D5A.006E: unknown main item tag 0x0 [ 509.061811][ T5854] savu 0003:1E7D:2D5A.006E: unknown main item tag 0x0 [ 509.061837][ T5854] savu 0003:1E7D:2D5A.006E: unknown main item tag 0x0 [ 509.061863][ T5854] savu 0003:1E7D:2D5A.006E: unknown main item tag 0x0 [ 509.061889][ T5854] savu 0003:1E7D:2D5A.006E: unknown main item tag 0x0 [ 509.072869][ T5854] savu 0003:1E7D:2D5A.006E: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0 [ 509.178361][ T5854] usb 6-1: USB disconnect, device number 4 [ 509.261217][ T5917] usb 2-1: USB disconnect, device number 50 [ 509.968137][T18601] program syz.1.5914 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.194748][T18609] netlink: 'syz.5.5918': attribute type 1 has an invalid length. [ 510.194769][T18609] netlink: 240 bytes leftover after parsing attributes in process `syz.5.5918'. [ 510.461801][T18615] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5921'. [ 510.563683][T18620] Bluetooth: MGMT ver 1.23 [ 510.975448][T17162] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 511.135500][T17162] usb 7-1: Using ep0 maxpacket: 16 [ 511.137949][T17162] usb 7-1: config 0 interface 0 has no altsetting 0 [ 511.137985][T17162] usb 7-1: New USB device found, idVendor=05ac, idProduct=0250, bcdDevice= 0.00 [ 511.138006][T17162] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.143225][T17162] usb 7-1: config 0 descriptor?? [ 511.560157][T17162] apple 0003:05AC:0250.006F: unknown main item tag 0x0 [ 511.560192][T17162] apple 0003:05AC:0250.006F: unknown main item tag 0x0 [ 511.560224][T17162] apple 0003:05AC:0250.006F: unknown main item tag 0x0 [ 511.560249][T17162] apple 0003:05AC:0250.006F: unknown main item tag 0x0 [ 511.560274][T17162] apple 0003:05AC:0250.006F: unknown main item tag 0x0 [ 511.639769][T17162] apple 0003:05AC:0250.006F: hidraw0: USB HID v0.4b Device [HID 05ac:0250] on usb-dummy_hcd.6-1/input0 [ 511.766182][ T978] usb 7-1: USB disconnect, device number 4 [ 511.900370][T18655] sg_write: data in/out 10372/14 bytes for SCSI command 0x0-- guessing data in; [ 511.900370][T18655] program syz.0.5941 not setting count and/or reply_len properly [ 512.301727][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 512.341564][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 512.344295][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 512.367504][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 512.368526][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 512.608650][T18660] lo speed is unknown, defaulting to 1000 [ 513.074502][T18677] program syz.5.5950 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 513.665539][T12987] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 513.668175][T18700] binder: Bad value for 'stats' [ 513.828128][T12987] usb 6-1: Using ep0 maxpacket: 16 [ 513.834946][T12987] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 513.834978][T12987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.834994][T12987] usb 6-1: Product: syz [ 513.835006][T12987] usb 6-1: Manufacturer: syz [ 513.835018][T12987] usb 6-1: SerialNumber: syz [ 513.888570][T12987] usb 6-1: config 0 descriptor?? [ 513.893201][T12987] visor 6-1:0.0: Sony Clie 3.5 converter detected [ 514.316070][T12987] usb 6-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 514.409475][T18724] nbd: socks must be embedded in a SOCK_ITEM attr [ 514.465568][ T5843] Bluetooth: hci5: command tx timeout [ 514.512842][ T5927] usb 6-1: USB disconnect, device number 5 [ 514.523394][ T5927] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 514.523865][ T5927] visor 6-1:0.0: device disconnected [ 514.597647][ T1518] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.250117][ T1518] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.298946][T18660] chnl_net:caif_netlink_parms(): no params data found [ 515.395422][ T978] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 515.567958][ T978] usb 7-1: config 2 interface 0 altsetting 185 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.567995][ T978] usb 7-1: config 2 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 515.568016][ T978] usb 7-1: config 2 interface 0 has no altsetting 0 [ 515.568047][ T978] usb 7-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 515.568065][ T978] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.655529][ T5927] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 515.787068][ T1518] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.818504][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 515.818562][ T5927] usb 2-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 515.818583][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.838854][ T5927] usb 2-1: config 0 descriptor?? [ 516.088667][ T1518] tipc: Resetting bearer [ 516.123505][ T978] apple 0003:05AC:027A.0070: hidraw0: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.6-1/input0 [ 516.301018][T12987] usb 7-1: USB disconnect, device number 5 [ 516.304816][ T5927] kye 0003:0458:5010.0071: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 516.306169][ T5927] hid_parser_main: 1266 callbacks suppressed [ 516.306207][ T5927] kye 0003:0458:5010.0071: unknown main item tag 0x0 [ 516.306238][ T5927] kye 0003:0458:5010.0071: unknown main item tag 0x0 [ 516.306263][ T5927] kye 0003:0458:5010.0071: unknown main item tag 0x0 [ 516.350843][ T1518] tipc: Disabling bearer [ 516.378446][ T5927] kye 0003:0458:5010.0071: hidraw1: USB HID v0.08 Device [HID 0458:5010] on usb-dummy_hcd.1-1/input0 [ 516.378478][ T5927] kye 0003:0458:5010.0071: tablet-enabling feature report not found [ 516.378492][ T5927] kye 0003:0458:5010.0071: tablet enabling failed [ 516.426737][ T1518] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.500728][ T5927] usb 2-1: USB disconnect, device number 51 [ 516.515774][ T978] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 516.545843][ T5843] Bluetooth: hci5: command tx timeout [ 516.675535][ T978] usb 6-1: Using ep0 maxpacket: 32 [ 516.678370][ T978] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 516.678393][ T978] usb 6-1: config 0 has no interface number 0 [ 516.681522][ T978] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 516.681545][ T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.681562][ T978] usb 6-1: Product: syz [ 516.681574][ T978] usb 6-1: Manufacturer: syz [ 516.681586][ T978] usb 6-1: SerialNumber: syz [ 516.741962][ T978] usb 6-1: config 0 descriptor?? [ 516.751308][ T978] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 516.768942][T18660] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.769248][T18660] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.769672][T18660] bridge_slave_0: entered allmulticast mode [ 516.786962][T18660] bridge_slave_0: entered promiscuous mode [ 516.790789][T18660] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.790919][T18660] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.791102][T18660] bridge_slave_1: entered allmulticast mode [ 516.796098][T18660] bridge_slave_1: entered promiscuous mode [ 516.993299][ T978] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 517.036258][ T978] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 517.220980][T18660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 517.368442][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 517.385521][ T978] usb 6-1: USB disconnect, device number 6 [ 517.406213][ T978] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 517.449995][T18660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 517.467310][ T978] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 517.467965][ T978] quatech2 6-1:0.51: device disconnected [ 517.588660][T18786] netlink: 'syz.0.5996': attribute type 10 has an invalid length. [ 517.755108][T18786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 517.770362][T18786] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 517.772987][T18660] team0: Port device team_slave_0 added [ 517.838952][T18660] team0: Port device team_slave_1 added [ 518.224787][T18798] can0: slcan on ptm0. [ 518.228150][T18660] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 518.228165][T18660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.228189][T18660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.345908][T18660] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.345924][T18660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 518.345948][T18660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 518.485835][ T1518] bridge_slave_1: left allmulticast mode [ 518.485863][ T1518] bridge_slave_1: left promiscuous mode [ 518.486078][ T1518] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.539381][T18797] can0 (unregistered): slcan off ptm0. [ 518.600977][ T1518] bridge_slave_0: left allmulticast mode [ 518.601009][ T1518] bridge_slave_0: left promiscuous mode [ 518.601279][ T1518] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.625620][ T5843] Bluetooth: hci5: command tx timeout [ 518.767516][T18818] blktrace: Concurrent blktraces are not allowed on sg0 [ 519.642729][T18834] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 519.642784][T18834] comedi comedi3: 8255: I/O port conflict (0x8000006,4) [ 519.642832][T18834] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 519.642874][T18834] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 519.642921][T18834] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 519.643034][T18834] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4) [ 519.643081][T18834] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 519.643127][T18834] comedi comedi3: 8255: I/O port conflict (0x3000000,4) [ 520.707203][ T5843] Bluetooth: hci5: command tx timeout [ 521.251010][T18869] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 521.254744][ T1518] smc: removing net device bond0 with user defined pnetid S [ 521.291057][ T1518] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 521.370195][ T1518] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 521.446892][ T1518] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 521.554331][ T1518] bond0 (unregistering): Released all slaves [ 521.765149][T18873] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6039'. [ 521.767030][ T1518] : left promiscuous mode [ 522.048360][ T1518] tipc: Left network mode [ 522.071416][T18660] hsr_slave_0: entered promiscuous mode [ 522.082779][T18660] hsr_slave_1: entered promiscuous mode [ 522.104571][T18660] debugfs: 'hsr0' already exists in 'hsr' [ 522.104600][T18660] Cannot create hsr debugfs directory [ 522.284983][T18887] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6046'. [ 522.329725][ T9] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 522.537504][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.537532][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 522.537572][ T9] usb 7-1: New USB device found, idVendor=056a, idProduct=0336, bcdDevice= 0.00 [ 522.537591][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.544549][ T9] usb 7-1: config 0 descriptor?? [ 522.710596][T17162] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 522.879584][T17162] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.879613][T17162] usb 2-1: config 0 interface 0 has no altsetting 0 [ 522.879698][T17162] usb 2-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00 [ 522.879718][T17162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.889783][T17162] usb 2-1: config 0 descriptor?? [ 523.082574][ T9] wacom 0003:056A:0336.0072: hidraw0: USB HID v0.00 Device [HID 056a:0336] on usb-dummy_hcd.6-1/input0 [ 523.182321][ T5917] usb 7-1: USB disconnect, device number 6 [ 523.401067][T17162] wacom 0003:056A:0333.0073: hidraw0: USB HID v0.00 Device [HID 056a:0333] on usb-dummy_hcd.1-1/input0 [ 523.558897][ T5917] usb 2-1: USB disconnect, device number 52 [ 523.584657][T18914] program syz.5.6059 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 523.943514][ T1518] hsr_slave_0: left promiscuous mode [ 523.975656][ T1518] hsr_slave_1: left promiscuous mode [ 523.977517][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.977545][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.041952][ T1518] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 524.041984][ T1518] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.155094][ T1518] veth1_macvtap: left promiscuous mode [ 524.155219][ T1518] veth0_macvtap: left promiscuous mode [ 524.172655][ T1518] veth1_vlan: left promiscuous mode [ 524.172877][ T1518] veth0_vlan: left promiscuous mode [ 526.598809][ T1518] team0 (unregistering): Port device team_slave_1 removed [ 526.887055][ T1518] team0 (unregistering): Port device team_slave_0 removed [ 529.538447][T18940] kernel profiling enabled (shift: 5) [ 529.918920][T18660] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 529.992778][T18660] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 530.088303][T18660] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 530.230354][T18660] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 530.576856][T18972] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6083'. [ 530.776514][T18660] 8021q: adding VLAN 0 to HW filter on device bond0 [ 530.831157][T18660] 8021q: adding VLAN 0 to HW filter on device team0 [ 530.873554][ T1409] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.873743][ T1409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 531.002183][ T1409] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.002305][ T1409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 531.812311][T19004] sp0: Synchronizing with TNC [ 532.130670][T18660] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 532.245465][T17162] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 532.417204][T17162] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 532.417254][T17162] usb 7-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 532.417277][T17162] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.438982][T17162] usb 7-1: config 0 descriptor?? [ 532.727642][T18660] veth0_vlan: entered promiscuous mode [ 532.742570][T18660] veth1_vlan: entered promiscuous mode [ 532.868535][T17162] logitech 0003:046D:CA03.0074: unbalanced delimiter at end of report description [ 532.869327][T17162] logitech 0003:046D:CA03.0074: parse failed [ 532.869426][T17162] logitech 0003:046D:CA03.0074: probe with driver logitech failed with error -22 [ 532.911955][T18660] veth0_macvtap: entered promiscuous mode [ 532.914208][ T1518] IPVS: stop unused estimator thread 0... [ 532.947152][T18660] veth1_macvtap: entered promiscuous mode [ 532.982797][T18660] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 533.034591][T18660] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 533.077295][ T5917] usb 7-1: USB disconnect, device number 7 [ 533.105706][ T1110] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.117893][ T1110] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.119875][ T1110] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.164993][ T1110] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.337376][T19045] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6110'. [ 533.615590][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.615605][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 533.703087][ T4601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 533.703107][ T4601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 533.815473][T12987] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 533.905497][ T978] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 533.969781][T12987] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 533.969806][T12987] usb 2-1: config 0 has no interface number 0 [ 533.969857][T12987] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 533.969876][T12987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.009296][T12987] usb 2-1: config 0 descriptor?? [ 534.014613][T12987] usb 2-1: selecting invalid altsetting 1 [ 534.014783][T12987] dvb_ttusb_budget: ttusb_init_controller: error [ 534.014795][T12987] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 534.060195][ T978] usb 6-1: Using ep0 maxpacket: 16 [ 534.062576][ T978] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 245, changing to 11 [ 534.062620][ T978] usb 6-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00 [ 534.062640][ T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.095503][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 534.117484][ T978] usb 6-1: config 0 descriptor?? [ 534.248433][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 534.248475][ T9] usb 7-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 534.248496][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.295459][T12987] DVB: Unable to find symbol cx22700_attach() [ 534.302841][ T9] usb 7-1: config 0 descriptor?? [ 534.568046][T12987] DVB: Unable to find symbol tda10046_attach() [ 534.568062][T12987] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 534.570795][T12987] usb 2-1: USB disconnect, device number 53 [ 534.719799][ T9] lenovo 0003:17EF:6047.0076: unknown main item tag 0x0 [ 534.719835][ T9] lenovo 0003:17EF:6047.0076: unknown main item tag 0x0 [ 534.719859][ T9] lenovo 0003:17EF:6047.0076: unknown main item tag 0x0 [ 534.719882][ T9] lenovo 0003:17EF:6047.0076: unknown main item tag 0x0 [ 534.719907][ T9] lenovo 0003:17EF:6047.0076: unknown main item tag 0x0 [ 534.743643][ T9] lenovo 0003:17EF:6047.0076: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.6-1/input0 [ 534.802086][ T978] usb 6-1: USB disconnect, device number 7 [ 534.918581][ T9] lenovo 0003:17EF:6047.0076: Failed to switch F7/9/11 mode: -71 [ 534.919309][ T9] lenovo 0003:17EF:6047.0076: Failed to switch middle button: -71 [ 534.919902][ T9] lenovo 0003:17EF:6047.0076: Fn-lock setting failed: -71 [ 534.920419][ T9] lenovo 0003:17EF:6047.0076: Sensitivity setting failed: -71 [ 534.941623][ T9] usb 7-1: USB disconnect, device number 8 [ 535.030693][ T37] audit: type=1326 audit(1756964873.042:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.030747][ T37] audit: type=1326 audit(1756964873.042:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.053439][ T37] audit: type=1326 audit(1756964873.062:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.053492][ T37] audit: type=1326 audit(1756964873.062:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.053532][ T37] audit: type=1326 audit(1756964873.062:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.054450][ T37] audit: type=1326 audit(1756964873.062:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.054690][ T37] audit: type=1326 audit(1756964873.062:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.054916][ T37] audit: type=1326 audit(1756964873.062:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19088 comm="syz.0.6130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6e086ebe9 code=0x7ffc0000 [ 535.465556][T17162] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 535.615481][T17162] usb 2-1: Using ep0 maxpacket: 16 [ 535.619160][T17162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 535.619188][T17162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 535.619223][T17162] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 535.619243][T17162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.628745][T17162] usb 2-1: config 0 descriptor?? [ 536.066415][T17162] hid-picolcd 0003:04D8:F002.0077: unbalanced collection at end of report description [ 536.067274][T17162] hid-picolcd 0003:04D8:F002.0077: device report parse failed [ 536.067374][T17162] hid-picolcd 0003:04D8:F002.0077: probe with driver hid-picolcd failed with error -22 [ 536.283443][ T978] usb 2-1: USB disconnect, device number 54 [ 536.354558][T19125] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6147'. [ 536.354583][T19125] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6147'. [ 536.856740][T19146] sp0: Synchronizing with TNC [ 537.122916][T19152] netlink: 'syz.7.6160': attribute type 3 has an invalid length. [ 537.122935][T19152] netlink: 'syz.7.6160': attribute type 1 has an invalid length. [ 537.122947][T19152] netlink: 193500 bytes leftover after parsing attributes in process `syz.7.6160'. [ 537.175437][ T31] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 537.325508][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 537.328282][ T31] usb 2-1: unable to get BOS descriptor or descriptor too short [ 537.329989][ T31] usb 2-1: config 4 has an invalid interface number: 30 but max is 0 [ 537.330012][ T31] usb 2-1: config 4 has no interface number 0 [ 537.330047][ T31] usb 2-1: config 4 interface 30 has no altsetting 0 [ 537.372664][ T31] usb 2-1: string descriptor 0 read error: -22 [ 537.372837][ T31] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 537.372858][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.415520][ T31] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 537.415574][ T31] dw2102: su3000_power_ctrl: 1, initialized 0 [ 537.415606][ T31] dvb-usb: bulk message failed: -22 (2/0) [ 537.426635][ T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 537.427629][ T31] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 537.427687][ T31] usb 2-1: media controller created [ 537.427712][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427725][ T31] dw2102: i2c transfer failed. [ 537.427743][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427755][ T31] dw2102: i2c transfer failed. [ 537.427772][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427784][ T31] dw2102: i2c transfer failed. [ 537.427800][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427812][ T31] dw2102: i2c transfer failed. [ 537.427827][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427839][ T31] dw2102: i2c transfer failed. [ 537.427855][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 537.427867][ T31] dw2102: i2c transfer failed. [ 537.427876][ T31] dvb-usb: MAC address: 02:02:02:02:02:02 [ 537.618390][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 537.634809][T19148] dw2102: i2c wr: len=66 is too big! [ 537.634809][T19148] [ 537.678623][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 537.678644][ T31] dw2102: command 0x0e transfer failed. [ 537.678652][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 537.678664][ T31] dw2102: command 0x0e transfer failed. [ 537.985500][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 537.985522][ T31] dw2102: command 0x0e transfer failed. [ 537.985531][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 537.985543][ T31] dw2102: command 0x0e transfer failed. [ 537.985551][ T31] dvb-usb: bulk message failed: -22 (1/0) [ 537.985562][ T31] dw2102: command 0x51 transfer failed. [ 537.985570][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 537.985582][ T31] dw2102: i2c probe for address 0x68 failed. [ 537.985592][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 537.985603][ T31] dw2102: i2c probe for address 0x69 failed. [ 537.985614][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 537.985625][ T31] dw2102: i2c probe for address 0x6a failed. [ 537.985632][ T31] dw2102: probing for demodulator failed. Is the external power switched on? [ 537.985641][ T31] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 538.104076][T12987] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 538.165452][ T31] rc_core: IR keymap rc-tt-1500 not found [ 538.165471][ T31] Registered IR keymap rc-empty [ 538.167047][ T31] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 538.169885][ T31] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input48 [ 538.195080][ T31] dvb-usb: schedule remote query interval to 250 msecs. [ 538.195101][ T31] dw2102: su3000_power_ctrl: 0, initialized 1 [ 538.195112][ T31] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 538.228835][ T31] usb 2-1: USB disconnect, device number 55 [ 538.296845][T12987] usb 6-1: Using ep0 maxpacket: 32 [ 538.299500][T12987] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 538.299524][T12987] usb 6-1: config 0 has no interface number 0 [ 538.304617][T12987] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 538.304641][T12987] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.304658][T12987] usb 6-1: Product: syz [ 538.304739][T12987] usb 6-1: Manufacturer: syz [ 538.304752][T12987] usb 6-1: SerialNumber: syz [ 538.319125][T12987] usb 6-1: config 0 descriptor?? [ 538.328806][T12987] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 538.393353][T19191] program syz.0.6176 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 538.631839][ T31] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 538.966985][T12987] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 538.987270][T12987] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 539.142612][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 539.143555][ T9] usb 6-1: USB disconnect, device number 8 [ 539.181142][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 539.216571][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 539.217257][ T9] quatech2 6-1:0.51: device disconnected [ 540.196940][T19250] genirq: Flags mismatch irq 31. 00200000 (pcmmio) vs. 00200000 (virtio1-input.0) [ 541.323662][T19285] GUP no longer grows the stack in syz.1.6222 (19285): 200000005000-200000008000 (200000004000) [ 541.323720][T19285] CPU: 0 UID: 0 PID: 19285 Comm: syz.1.6222 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 541.323743][T19285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 541.323757][T19285] Call Trace: [ 541.323765][T19285] [ 541.323773][T19285] dump_stack_lvl+0x189/0x250 [ 541.323810][T19285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.323834][T19285] ? __pfx__printk+0x10/0x10 [ 541.323852][T19285] ? find_vma+0xe7/0x160 [ 541.323889][T19285] fixup_user_fault+0x661/0x720 [ 541.323919][T19285] fault_in_user_writeable+0x72/0xe0 [ 541.323940][T19285] futex_lock_pi+0x765/0xa70 [ 541.323972][T19285] ? __pfx_futex_lock_pi+0x10/0x10 [ 541.324026][T19285] ? __pfx_futex_wake_mark+0x10/0x10 [ 541.324065][T19285] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 541.324096][T19285] do_futex+0x292/0x420 [ 541.324122][T19285] ? __pfx_do_futex+0x10/0x10 [ 541.324142][T19285] ? __vm_munmap+0x301/0x3d0 [ 541.324169][T19285] __se_sys_futex+0x36f/0x400 [ 541.324196][T19285] ? __pfx___se_sys_futex+0x10/0x10 [ 541.324218][T19285] ? rcu_is_watching+0x15/0xb0 [ 541.324248][T19285] ? __x64_sys_futex+0x21/0xf0 [ 541.324271][T19285] do_syscall_64+0xfa/0x3b0 [ 541.324293][T19285] ? lockdep_hardirqs_on+0x9c/0x150 [ 541.324314][T19285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.324340][T19285] ? clear_bhb_loop+0x60/0xb0 [ 541.324362][T19285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.324385][T19285] RIP: 0033:0x7f3e8a49ebe9 [ 541.324405][T19285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.324422][T19285] RSP: 002b:00007f3e886fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 541.324442][T19285] RAX: ffffffffffffffda RBX: 00007f3e8a6d5fa0 RCX: 00007f3e8a49ebe9 [ 541.324456][T19285] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 541.324469][T19285] RBP: 00007f3e8a521e19 R08: 0000000000000000 R09: 0000000000000000 [ 541.324481][T19285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.324492][T19285] R13: 00007f3e8a6d6038 R14: 00007f3e8a6d5fa0 R15: 00007ffe4d255a78 [ 541.324524][T19285] [ 542.215482][T17162] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 542.365389][T17162] usb 7-1: Using ep0 maxpacket: 8 [ 542.367831][T17162] usb 7-1: config 2 has an invalid interface number: 31 but max is 0 [ 542.367855][T17162] usb 7-1: config 2 has no interface number 0 [ 542.367906][T17162] usb 7-1: config 2 interface 31 has no altsetting 0 [ 542.375034][T17162] usb 7-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 542.375059][T17162] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.375077][T17162] usb 7-1: Product: syz [ 542.375089][T17162] usb 7-1: Manufacturer: syz [ 542.375102][T17162] usb 7-1: SerialNumber: syz [ 543.159420][T17162] ch9200 7-1:2.31: probe with driver ch9200 failed with error -22 [ 543.181037][T17162] usb 7-1: USB disconnect, device number 9 [ 543.826043][T19309] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6234'. [ 543.826075][T19309] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6234'. [ 544.455666][T17162] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 544.611394][T17162] usb 7-1: Using ep0 maxpacket: 32 [ 544.631571][T17162] usb 7-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 544.631599][T17162] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.631617][T17162] usb 7-1: Product: syz [ 544.631629][T17162] usb 7-1: Manufacturer: syz [ 544.631641][T17162] usb 7-1: SerialNumber: syz [ 544.680094][T17162] usb 7-1: config 0 descriptor?? [ 544.689668][T17162] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 545.245503][ T5927] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 545.322163][T17162] gspca_ov534_9: reg_w failed -71 [ 545.424229][ T5927] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 545.424257][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.457867][ T5927] usb 2-1: config 0 descriptor?? [ 545.482431][ T5927] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 545.615535][T17162] gspca_ov534_9: Unknown sensor 0000 [ 545.615704][T17162] ov534_9 7-1:0.0: probe with driver ov534_9 failed with error -22 [ 545.648093][T17162] usb 7-1: USB disconnect, device number 10 [ 545.904240][ T5927] gspca_cpia1: usb_control_msg 03, error -32 [ 545.931489][ T5927] gspca_cpia1: usb_control_msg 03, error -71 [ 545.951495][ T5927] gspca_cpia1: usb_control_msg 01, error -71 [ 545.951515][ T5927] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 545.976705][ T5927] usb 2-1: USB disconnect, device number 56 [ 548.590564][T19345] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6250'. [ 549.074569][T19354] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6253'. [ 549.283229][T19328] syz.0.6241 (19328): drop_caches: 1 [ 549.468355][T19358] tipc: Invalid UDP bearer configuration [ 549.468401][T19358] tipc: Enabling of bearer rejected, failed to enable media [ 557.259285][T19418] netlink: 32 bytes leftover after parsing attributes in process `syz.6.6285'. [ 557.457480][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 557.486270][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 557.488637][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 557.489963][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 557.490837][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 559.518835][T19419] lo speed is unknown, defaulting to 1000 [ 559.595511][ T5844] Bluetooth: hci1: command tx timeout [ 560.285314][ C1] sched: DL replenish lagged too much [ 561.168534][ T37] audit: type=1326 audit(1756964899.182:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19449 comm="syz.7.6296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35626cebe9 code=0x0 [ 561.200168][T19419] chnl_net:caif_netlink_parms(): no params data found [ 561.668626][ T5844] Bluetooth: hci1: command tx timeout [ 562.110335][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.145404][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.162757][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.213790][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.262377][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.297008][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.360724][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.415824][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.451076][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.536468][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.569243][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.600630][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.631957][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.666325][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.768097][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.800189][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.863069][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.896853][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.935363][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.977474][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.978276][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.978350][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.010330][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.052525][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.083509][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.117552][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.148610][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.181938][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.212448][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.259760][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.292890][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.356787][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.390046][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.421302][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.452461][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.499135][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.530680][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.592445][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.626238][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.656791][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.688519][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.734613][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.752563][ T5844] Bluetooth: hci1: command tx timeout [ 563.767304][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.797912][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.846611][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.879222][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.943064][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.973914][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.006662][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.035243][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.066401][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.096683][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.152434][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.181185][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.213902][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.250983][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.281427][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.314707][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.345635][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.403298][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.434681][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.466113][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.525911][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.545474][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.590801][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.630924][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.662890][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.704080][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.733234][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.770359][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.801719][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.863037][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.916545][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.948250][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.988034][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.016817][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.097627][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.832089][ T5844] Bluetooth: hci1: command tx timeout [ 577.721650][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.755879][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.788065][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.820160][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.855092][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.886488][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.918627][ C0] vkms_vblank_simulate: vblank timer overrun [ 577.950925][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.000134][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.048117][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.092902][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.123733][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.155061][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.185410][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.215476][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.247960][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.296736][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.329223][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.362233][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.393674][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.424877][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.457382][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.489270][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.520601][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.553558][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.585965][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.615659][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.660079][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.691551][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.723034][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.756112][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.788194][ C0] vkms_vblank_simulate: vblank timer overrun [ 578.818938][ C0] vkms_vblank_simulate: vblank timer overrun [ 579.602485][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 579.626692][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 579.628181][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 579.629506][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 579.630373][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 582.132841][T19421] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 582.155199][T19421] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 582.164439][T19421] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 582.173016][T19510] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 582.186267][T19511] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 588.385580][ T5844] Bluetooth: hci7: command tx timeout [ 588.386330][ T5844] Bluetooth: hci6: command tx timeout [ 589.791107][ T5844] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 589.827233][ T5844] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 589.830819][ T5844] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 589.832269][ T5844] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 589.833711][ T5844] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 590.465940][T19511] Bluetooth: hci6: command tx timeout [ 590.465973][T19511] Bluetooth: hci7: command tx timeout [ 591.905600][ T5844] Bluetooth: hci8: command tx timeout [ 592.545682][ T5844] Bluetooth: hci7: command tx timeout [ 592.545712][ T5844] Bluetooth: hci6: command tx timeout [ 593.985911][T19511] Bluetooth: hci8: command tx timeout [ 594.625441][T19511] Bluetooth: hci6: command tx timeout [ 594.625472][T19511] Bluetooth: hci7: command tx timeout [ 594.657716][T19535] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 19535 comm: syz.0.6325) [ 594.700794][ T37] audit: type=1800 audit(1756964932.672:242): pid=19535 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.6325" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=59158 res=0 errno=0 [ 596.065547][ T5844] Bluetooth: hci8: command tx timeout [ 598.146463][ T5844] Bluetooth: hci8: command tx timeout [ 617.759532][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 617.788947][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 617.790961][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 617.792174][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 617.793054][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 619.905691][ T5844] Bluetooth: hci3: command tx timeout [ 621.985776][ T5844] Bluetooth: hci3: command tx timeout [ 624.067861][ T5844] Bluetooth: hci3: command tx timeout [ 624.428547][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.428623][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.145535][ T5844] Bluetooth: hci3: command tx timeout [ 635.581241][T19511] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 635.623443][T19511] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 635.632786][T19511] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 635.634709][T19511] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 635.657738][T19511] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 637.745698][T19511] Bluetooth: hci4: command tx timeout [ 638.984560][ T5844] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 638.998509][ T5844] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 638.999924][ T5844] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 639.001129][ T5844] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 639.001976][ T5844] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 639.825953][T19511] Bluetooth: hci4: command tx timeout [ 641.105683][T19511] Bluetooth: hci9: command tx timeout [ 641.905561][T19511] Bluetooth: hci4: command tx timeout [ 641.992250][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 642.014758][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 642.023865][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 642.034911][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 642.043504][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 643.185891][ T5844] Bluetooth: hci9: command tx timeout [ 643.985437][ T5844] Bluetooth: hci4: command tx timeout [ 644.145588][ T5844] Bluetooth: hci0: command tx timeout [ 645.265504][T19511] Bluetooth: hci9: command tx timeout [ 646.225607][T19511] Bluetooth: hci0: command tx timeout [ 646.946580][T19511] Bluetooth: hci5: command 0x0406 tx timeout [ 647.345939][T19511] Bluetooth: hci9: command tx timeout [ 648.311381][T19511] Bluetooth: hci0: command tx timeout [ 650.214520][ T5843] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 650.229086][ T5843] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 650.231455][ T5843] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 650.233342][ T5843] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 650.257130][ T5843] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 650.395474][T19511] Bluetooth: hci0: command tx timeout [ 657.091011][ T5843] Bluetooth: hci10: command tx timeout [ 659.116094][T19511] Bluetooth: hci10: command tx timeout [ 661.187135][T19511] Bluetooth: hci10: command tx timeout [ 663.265606][T19511] Bluetooth: hci10: command tx timeout [ 678.203876][T19511] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 678.206761][T19511] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 678.212098][T19511] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 678.325616][T19511] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 678.326482][T19511] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 680.398287][ T5844] Bluetooth: hci11: command tx timeout [ 680.860278][T19419] bridge0: port 1(bridge_slave_0) entered blocking state [ 680.907108][T19419] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.907391][T19419] bridge_slave_0: entered allmulticast mode [ 680.946832][T19419] bridge_slave_0: entered promiscuous mode [ 682.472940][ T5844] Bluetooth: hci11: command tx timeout [ 682.795816][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 684.545526][ T5844] Bluetooth: hci11: command tx timeout [ 685.885835][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.885914][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.625602][ T5844] Bluetooth: hci11: command tx timeout [ 695.538042][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 695.569308][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 695.594975][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 695.615928][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 695.616752][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 697.665530][ T5844] Bluetooth: hci5: command tx timeout [ 699.745556][ T5844] Bluetooth: hci5: command tx timeout [ 699.987548][T19511] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 700.021345][T19511] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 700.039905][T19511] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 700.041240][T19511] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 700.042083][T19511] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 701.835471][ T5844] Bluetooth: hci5: command tx timeout [ 702.145648][ T5844] Bluetooth: hci1: command tx timeout [ 702.498317][T19511] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 702.503779][T19511] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 702.554572][T19511] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 702.563798][T19511] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 702.577882][T19511] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 703.906167][ T5844] Bluetooth: hci5: command tx timeout [ 704.225812][ T5844] Bluetooth: hci1: command tx timeout [ 704.626041][ T5844] Bluetooth: hci12: command tx timeout [ 706.317584][T19511] Bluetooth: hci1: command tx timeout [ 706.705905][ T5844] Bluetooth: hci12: command tx timeout [ 708.400885][ T5844] Bluetooth: hci6: command 0x0406 tx timeout [ 708.400924][ T5844] Bluetooth: hci1: command tx timeout [ 708.785803][ T5843] Bluetooth: hci12: command tx timeout [ 710.420831][ T5844] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 710.460859][ T5844] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 710.462396][ T5844] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 710.464498][ T5844] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 710.503803][ T5844] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 710.865480][ T5843] Bluetooth: hci12: command tx timeout [ 712.705517][ T5844] Bluetooth: hci13: command tx timeout [ 713.515067][ T5844] Bluetooth: hci8: command 0x0406 tx timeout [ 713.529798][ T5844] Bluetooth: hci7: command 0x0406 tx timeout [ 714.802378][T19421] Bluetooth: hci13: command tx timeout [ 716.869966][T19421] Bluetooth: hci13: command tx timeout [ 718.945557][T19421] Bluetooth: hci13: command tx timeout [ 739.940042][T19511] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 739.974433][T19511] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 739.990197][T19511] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 740.004824][T19511] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 740.019815][T19511] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 747.301629][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.301706][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 756.603692][T19510] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 756.628672][T19510] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 756.630313][T19510] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 756.631724][T19510] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 756.632587][T19510] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 760.531445][T19421] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 760.566437][T19421] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 760.571639][T19421] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 760.598265][T19421] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 760.599175][T19421] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 763.079578][T19595] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 763.107995][T19595] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 763.109829][T19595] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 763.111060][T19595] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 763.111875][T19595] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 764.717050][T19595] Bluetooth: hci0: command 0x0406 tx timeout [ 771.682347][ T5844] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 771.706828][ T5844] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 771.714517][ T5844] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 771.722672][ T5844] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 771.723598][ T5844] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 800.293078][T19604] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 800.326939][T19604] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 800.328758][T19604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 800.331126][T19604] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 800.331968][T19604] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 806.504678][T19511] Bluetooth: hci14: command tx timeout [ 808.552834][T19511] Bluetooth: hci14: command tx timeout [ 808.732232][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.732311][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.625623][T19511] Bluetooth: hci14: command tx timeout [ 812.705417][T19511] Bluetooth: hci14: command tx timeout [ 817.107649][T19421] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 817.134549][T19421] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 817.145617][T19421] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 817.156065][T19421] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 817.185518][T19421] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 817.946341][ T5843] Bluetooth: hci2: command tx timeout [ 817.950069][T19593] Bluetooth: hci16: command tx timeout [ 820.782465][T19511] Bluetooth: hci16: command tx timeout [ 820.783090][T19511] Bluetooth: hci2: command tx timeout [ 820.783397][T19511] Bluetooth: hci15: command tx timeout [ 822.000095][T19511] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 822.040914][T19511] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 822.042969][T19511] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 822.066064][T19511] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 822.066863][T19511] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 822.785861][T19511] Bluetooth: hci15: command tx timeout [ 822.785884][ T5843] Bluetooth: hci2: command tx timeout [ 822.785894][T19511] Bluetooth: hci16: command tx timeout [ 824.314244][T19511] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 824.335674][T19511] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 824.337760][T19511] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 824.338968][T19511] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 824.367169][T19511] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 824.868355][T19511] Bluetooth: hci16: command tx timeout [ 824.868387][T19511] Bluetooth: hci15: command tx timeout [ 824.890117][T19614] Bluetooth: hci2: command tx timeout [ 826.194997][T19614] Bluetooth: hci1: command 0x0406 tx timeout [ 826.195041][T19614] Bluetooth: hci12: command 0x0406 tx timeout [ 826.945401][T19600] Bluetooth: hci15: command tx timeout [ 832.739412][T19614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 832.763260][T19614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 832.773430][T19614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 832.774705][T19614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 832.835764][T19614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 833.070242][T19604] Bluetooth: hci3: command tx timeout [ 835.105686][T19614] Bluetooth: hci3: command tx timeout [ 835.106326][T19614] Bluetooth: hci6: command tx timeout [ 836.403323][T19604] Bluetooth: hci13: command 0x0406 tx timeout [ 837.187250][T19604] Bluetooth: hci6: command tx timeout [ 837.187284][T19604] Bluetooth: hci3: command tx timeout [ 839.265889][T19614] Bluetooth: hci3: command tx timeout [ 839.265922][T19614] Bluetooth: hci6: command tx timeout [ 841.345709][T19604] Bluetooth: hci6: command tx timeout [ 842.601716][T19421] Bluetooth: hci4: command tx timeout [ 844.681549][T19421] Bluetooth: hci4: command tx timeout [ 846.715808][T19421] Bluetooth: hci4: command tx timeout [ 848.785513][T19421] Bluetooth: hci4: command tx timeout [ 860.909614][T19421] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 860.913379][T19421] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 860.914869][T19421] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 860.916230][T19421] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 860.917022][T19421] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 870.151606][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.151693][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.759854][ T5844] Bluetooth: hci7: command tx timeout [ 875.838536][ T5844] Bluetooth: hci0: command tx timeout [ 875.839417][ T5844] Bluetooth: hci8: command tx timeout [ 877.865532][ T5843] Bluetooth: hci7: command tx timeout [ 877.921082][ T5843] Bluetooth: hci8: command tx timeout [ 877.921115][ T5843] Bluetooth: hci0: command tx timeout [ 879.449533][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 879.477611][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 879.481079][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 879.482330][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 879.483136][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 879.905485][ T5844] Bluetooth: hci7: command tx timeout [ 879.985482][T19600] Bluetooth: hci8: command tx timeout [ 879.986819][ T5844] Bluetooth: hci0: command tx timeout [ 881.985357][ T5844] Bluetooth: hci7: command tx timeout [ 882.070425][ T5844] Bluetooth: hci0: command tx timeout [ 882.070461][ T5844] Bluetooth: hci8: command tx timeout [ 882.677085][ T5844] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 882.695677][ T5844] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 882.716965][ T5844] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 882.718316][ T5844] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 882.720142][ T5844] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 884.587801][T19595] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 884.626161][T19595] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 884.631311][T19595] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 884.633419][T19595] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 884.634281][T19595] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 885.107333][T19510] Bluetooth: hci9: command tx timeout [ 887.185428][T19595] Bluetooth: hci9: command tx timeout [ 887.507106][T19595] Bluetooth: hci10: command tx timeout [ 887.507976][T19595] Bluetooth: hci11: command tx timeout [ 887.585579][ T5844] Bluetooth: hci5: command tx timeout [ 889.284251][ T5844] Bluetooth: hci9: command tx timeout [ 889.587173][ T5844] Bluetooth: hci11: command tx timeout [ 889.587207][ T5844] Bluetooth: hci10: command tx timeout [ 889.679505][T19595] Bluetooth: hci5: command tx timeout [ 891.345549][T19595] Bluetooth: hci9: command tx timeout [ 891.665481][T19595] Bluetooth: hci10: command tx timeout [ 891.665514][T19595] Bluetooth: hci11: command tx timeout [ 891.745665][ T5843] Bluetooth: hci5: command tx timeout [ 892.709198][ T5843] Bluetooth: hci14: command 0x0406 tx timeout [ 893.198471][T19595] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 893.226106][T19595] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 893.230732][T19595] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 893.232425][T19595] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 893.233686][T19595] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 893.745419][ T5843] Bluetooth: hci11: command tx timeout [ 893.745452][ T5843] Bluetooth: hci10: command tx timeout [ 893.826214][T19600] Bluetooth: hci5: command tx timeout [ 895.345982][T19595] Bluetooth: hci1: command tx timeout [ 897.455302][T19595] Bluetooth: hci1: command tx timeout [ 899.505834][ T5844] Bluetooth: hci1: command tx timeout [ 901.590446][ T5844] Bluetooth: hci1: command tx timeout [ 913.193651][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 918.305335][ T5844] Bluetooth: hci16: command 0x0406 tx timeout [ 921.765839][ T5843] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 921.779718][ T5843] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 921.805339][ T5843] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 921.806723][ T5843] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 921.808047][ T5843] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 923.275674][ T38] INFO: task kworker/0:14:19532 blocked for more than 144 seconds. [ 923.275700][ T38] Not tainted syzkaller #0 [ 923.275709][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 923.275718][ T38] task:kworker/0:14 state:D stack:21664 pid:19532 tgid:19532 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 923.275764][ T38] Workqueue: events switchdev_deferred_process_work [ 923.275796][ T38] Call Trace: [ 923.275802][ T38] [ 923.275816][ T38] __schedule+0x16f3/0x4c20 [ 923.275867][ T38] ? __pfx___schedule+0x10/0x10 [ 923.275908][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 923.275934][ T38] rt_mutex_schedule+0x77/0xf0 [ 923.275952][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 923.275971][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 923.276009][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 923.276030][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 923.276050][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 923.276081][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 923.276110][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 923.276136][ T38] ? switchdev_deferred_process_work+0xe/0x20 [ 923.276158][ T38] mutex_lock_nested+0x16a/0x1d0 [ 923.276176][ T38] ? switchdev_deferred_process_work+0xe/0x20 [ 923.276199][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 923.276222][ T38] switchdev_deferred_process_work+0xe/0x20 [ 923.276244][ T38] process_scheduled_works+0xade/0x17b0 [ 923.276295][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 923.276335][ T38] worker_thread+0x8a0/0xda0 [ 923.276384][ T38] kthread+0x70e/0x8a0 [ 923.276412][ T38] ? __pfx_worker_thread+0x10/0x10 [ 923.276432][ T38] ? __pfx_kthread+0x10/0x10 [ 923.276461][ T38] ? __pfx_kthread+0x10/0x10 [ 923.276486][ T38] ret_from_fork+0x3f9/0x770 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 923.276511][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 923.276546][ T38] ? __switch_to_asm+0x39/0x70 [ 923.276563][ T38] ? __switch_to_asm+0x33/0x70 [ 923.276578][ T38] ? __pfx_kthread+0x10/0x10 [ 923.276602][ T38] ret_from_fork_asm+0x1a/0x30 [ 923.276636][ T38] [ 923.276650][ T38] INFO: task syz-executor:19590 blocked for more than 144 seconds. [ 923.276662][ T38] Not tainted syzkaller #0 [ 923.276671][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 923.276679][ T38] task:syz-executor state:D stack:26952 pid:19590 tgid:19590 ppid:1 task_flags:0x400140 flags:0x00004004 [ 923.276723][ T38] Call Trace: [ 923.276729][ T38] [ 923.276740][ T38] __schedule+0x16f3/0x4c20 [ 923.276788][ T38] ? __pfx___schedule+0x10/0x10 [ 923.276829][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 923.276854][ T38] rt_mutex_schedule+0x77/0xf0 [ 923.276870][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 923.276889][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 923.276927][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 923.276948][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 923.276967][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 923.276984][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.277018][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.277043][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 923.277070][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.277085][ T38] mutex_lock_nested+0x16a/0x1d0 [ 923.277109][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 923.277137][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.277173][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.277190][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 923.277211][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.277234][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 923.277253][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.277292][ T38] netlink_rcv_skb+0x208/0x470 [ 923.277312][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.277333][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.277355][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 923.277386][ [ 923.277386][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 923.277416][ T38] netlink_unicast+0x846/0xa10 [ 923.277445][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 923.277467][ T38] ? netlink_sendmsg+0x642/0xb30 [ 923.277485][ T38] ? skb_put+0x11b/0x210 [ 923.277512][ T38] netlink_sendmsg+0x805/0xb30 [ 923.277548][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.277579][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 923.277596][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.277618][ T38] __sock_sendmsg+0x21c/0x270 [ 923.277641][ T38] __sys_sendto+0x3c7/0x520 [ 923.277667][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 923.277717][ T38] ? exc_page_fault+0x76/0xf0 [ 923.277743][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 923.277769][ T38] __x64_sys_sendto+0xde/0x100 [ 923.277795][ T38] do_syscall_64+0xfa/0x3b0 [ 923.277815][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 923.277836][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.277854][ T38] ? clear_bhb_loop+0x60/0xb0 [ 923.277875][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.277893][ T38] RIP: 0033:0x7fd65a180a7c [ 923.277909][ T38] RSP: 002b:00007ffc1d5763c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 923.277927][ T38] RAX: ffffffffffffffda RBX: 00007fd65aee4620 RCX: 00007fd65a180a7c [ 923.277941][ T38] RDX: 0000000000000028 RSI: 00007fd65aee4670 RDI: 0000000000000003 [ 923.277953][ T38] RBP: 0000000000000000 R08: 00007ffc1d576414 R09: 000000000000000c [ 923.277964][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 923.277975][ T38] R13: 0000000000000000 R14: 00007fd65aee4670 R15: 0000000000000000 [ 923.278005][ T38] [ 923.278013][ T38] INFO: task syz-executor:19594 blocked for more than 144 seconds. [ 923.278026][ T38] Not tainted syzkaller #0 [ 923.278034][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 923.278042][ T38] task:syz-executor state:D stack:26952 pid:19594 tgid:19594 ppid:1 task_flags:0x400140 flags:0x00004004 [ 923.278085][ T38] Call Trace: [ 923.278090][ T38] [ 923.278102][ T38] __schedule+0x16f3/0x4c20 [ 923.278151][ T38] ? __pfx___schedule+0x10/0x10 [ 923.278192][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 923.278216][ T38] rt_mutex_schedule+0x77/0xf0 [ 923.278234][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 923.278252][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 923.278288][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 923.278309][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 923.278328][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 923.278344][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.278377][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.278402][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 923.278428][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.278442][ T38] mutex_lock_nested+0x16a/0x1d0 [ 923.278466][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 923.278493][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.278530][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.278553][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 923.278573][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.278595][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 923.278615][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.278654][ T38] netlink_rcv_skb+0x208/0x470 [ 923.278672][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.278693][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.278716][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 923.278749][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 923.278779][ T38] netlink_unicast+0x846/0xa10 [ 923.278808][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 923.278830][ T38] ? netlink_sendmsg+0x642/0xb30 [ 923.278848][ T38] ? skb_put+0x11b/0x210 [ 923.278874][ T38] netlink_sendmsg+0x805/0xb30 [ 923.278905][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.278935][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 923.278952][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.278974][ T38] __sock_sendmsg+0x21c/0x270 [ 923.278996][ T38] __sys_sendto+0x3c7/0x520 [ 923.279021][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 923.279072][ T38] ? exc_page_fault+0x76/0xf0 [ 923.279097][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 923.279123][ T38] __x64_sys_sendto+0xde/0x100 [ 923.279148][ T38] do_syscall_64+0xfa/0x3b0 [ 923.279169][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 923.279189][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.279207][ T38] ? clear_bhb_loop+0x60/0xb0 [ 923.279229][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.279245][ T38] RIP: 0033:0x7f1c00ab0a7c [ 923.279259][ T38] RSP: 002b:00007ffe18c21410 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 923.279277][ T38] RAX: ffffffffffffffda RBX: 00007f1c01814620 RCX: 00007f1c00ab0a7c [ 923.279290][ T38] RDX: 0000000000000028 RSI: 00007f1c01814670 RDI: 0000000000000003 [ 923.279302][ T38] RBP: 0000000000000000 R08: 00007ffe18c21464 R09: 000000000000000c [ 923.279313][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 923.279324][ T38] R13: 0000000000000000 R14: 00007f1c01814670 R15: 0000000000000000 [ 923.279354][ T38] [ 923.279362][ T38] INFO: task syz-executor:19598 blocked for more than 144 seconds. [ 923.279374][ T38] Not tainted syzkaller #0 [ 923.279383][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 923.279391][ T38] task:syz-executor state:D stack:26952 pid:19598 tgid:19598 ppid:1 task_flags:0x400140 flags:0x00004004 [ 923.279433][ T38] Call Trace: [ 923.279439][ T38] [ 923.279451][ T38] __schedule+0x16f3/0x4c20 [ 923.279487][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 923.279519][ T38] ? __pfx___schedule+0x10/0x10 [ 923.279565][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 923.279590][ T38] rt_mutex_schedule+0x77/0xf0 [ 923.279607][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 923.279623][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 923.279653][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 923.279671][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 923.279688][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 923.279702][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.279729][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.279751][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 923.279776][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 923.279790][ T38] mutex_lock_nested+0x16a/0x1d0 [ 923.279814][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 923.279842][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.279878][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 923.279894][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 923.279914][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.279937][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 923.279957][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.279994][ T38] netlink_rcv_skb+0x208/0x470 [ 923.280013][ T38] ? __lock_acquire+0xab9/0xd20 [ 923.280035][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 923.280058][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 923.280091][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 923.280120][ T38] netlink_unicast+0x846/0xa10 [ 923.280150][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 923.280172][ T38] ? netlink_sendmsg+0x642/0xb30 [ 923.280190][ T38] ? skb_put+0x11b/0x210 [ 923.280216][ T38] netlink_sendmsg+0x805/0xb30 [ 923.280247][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.280277][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 923.280293][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 923.280309][ T38] __sock_sendmsg+0x21c/0x270 [ 923.280326][ T38] __sys_sendto+0x3c7/0x520 [ 923.280346][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 923.280395][ T38] ? exc_page_fault+0x76/0xf0 [ 923.280421][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 923.280446][ T38] __x64_sys_sendto+0xde/0x100 [ 923.280472][ T38] do_syscall_64+0xfa/0x3b0 [ 923.280492][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 923.280513][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.280531][ T38] ? clear_bhb_loop+0x60/0xb0 [ 923.280561][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.280578][ T38] RIP: 0033:0x7fe6a20a0a7c [ 923.280592][ T38] RSP: 002b:00007fff4ae30970 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 923.280610][ T38] RAX: ffffffffffffffda RBX: 00007fe6a2e04620 RCX: 00007fe6a20a0a7c [ 923.280624][ T38] RDX: 0000000000000028 RSI: 00007fe6a2e04670 RDI: 0000000000000003 [ 923.280635][ T38] RBP: 0000000000000000 R08: 00007fff4ae309c4 R09: 000000000000000c [ 923.280646][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 923.280657][ T38] R13: 0000000000000000 R14: 00007fe6a2e04670 R15: 0000000000000000 [ 923.280686][ T38] [ 923.280715][ T38] [ 923.280715][ T38] Showing all locks held in the system: [ 923.280724][ T38] 3 locks held by kworker/u8:1/13: [ 923.280735][ T38] #0: ffff88814d2be138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.280781][ T38] #1: ffffc90000127bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.280826][ T38] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 923.280868][ T38] 2 locks held by rcuc/1/28: [ 923.280878][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 923.280921][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 923.280963][ T38] 8 locks held by ktimers/1/29: [ 923.280973][ T38] 2 locks held by ksoftirqd/1/30: [ 923.280983][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 923.281025][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 923.281069][ T38] 1 lock held by khungtaskd/38: [ 923.281078][ T38] #0: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 923.281132][ T38] 6 locks held by kworker/u8:9/1518: [ 923.281143][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.281187][ T38] #1: ffffc90005a57bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.281229][ T38] #2: ffffffff8ecc5a20 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 923.281273][ T38] #3: ffff88805bf700d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 923.281320][ T38] #4: ffff88805bf71300 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 923.281370][ T38] #5: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 923.281425][ T38] 3 locks held by kworker/u8:15/4601: [ 923.281435][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.281478][ T38] #1: ffffc9000f8e7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.281522][ T38] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 923.281575][ T38] 2 locks held by getty/5602: [ 923.281585][ T38] #0: ffff88823bf3c8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 923.281631][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 923.281673][ T38] 4 locks held by kworker/u9:3/5843: [ 923.281683][ T38] #0: ffff888048260138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.281730][ T38] #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.281774][ T38] #2: ffff8880783840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 923.281816][ T38] #3: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 923.281860][ T38] 4 locks held by kworker/1:4/5920: [ 923.281870][ T38] #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.281913][ T38] #1: ffffc90005137bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.281956][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 923.281997][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 923.282047][ T38] 1 lock held by syz-executor/19419: [ 923.282057][ T38] #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 923.282098][ T38] 4 locks held by kworker/1:12/19439: [ 923.282108][ T38] #0: ffff88803ac40938 ((wq_completion)wg-crypt-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.282156][ T38] #1: ffffc90003bcfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.282212][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 923.282254][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 923.282298][ T38] 3 locks held by kworker/0:14/19532: [ 923.282308][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.282350][ T38] #1: ffffc90005c1fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.282393][ T38] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 923.282441][ T38] 1 lock held by syz.0.6329/19549: [ 923.282451][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 923.282495][ T38] 2 locks held by kworker/u8:2/19551: [ 923.282507][ T38] 2 locks held by syz-executor/19587: [ 923.282516][ T38] #0: ffff88807ee94e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 923.282565][ T38] #1: ffff88807ee940a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 923.282609][ T38] 1 lock held by syz-executor/19590: [ 923.282619][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.282659][ T38] 1 lock held by syz-executor/19594: [ 923.282668][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.282707][ T38] 6 locks held by kworker/u9:6/19595: [ 923.282717][ T38] #0: ffff888036bd5138 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.282762][ T38] #1: ffffc90003cafbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.282805][ T38] #2: ffff888054b68e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 923.282844][ T38] #3: ffff888054b680a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 923.282888][ T38] #4: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 923.282931][ T38] #5: ffff88807349a358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 923.282980][ T38] 1 lock held by syz-executor/19598: [ 923.282990][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283029][ T38] 5 locks held by kworker/u9:7/19600: [ 923.283039][ T38] #0: ffff888056504138 ((wq_completion)hci16){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 923.283082][ T38] #1: ffffc90003fcfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 923.283125][ T38] #2: ffff8880760d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 923.283164][ T38] #3: ffff8880760d40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 923.283207][ T38] #4: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 923.283250][ T38] 1 lock held by syz-executor/19602: [ 923.283260][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283299][ T38] 1 lock held by syz-executor/19606: [ 923.283309][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283347][ T38] 1 lock held by syz-executor/19609: [ 923.283357][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283395][ T38] 1 lock held by syz-executor/19612: [ 923.283405][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283444][ T38] 1 lock held by syz-executor/19616: [ 923.283454][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283493][ T38] 1 lock held by syz-executor/19619: [ 923.283503][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283551][ T38] 1 lock held by syz-executor/19622: [ 923.283561][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283601][ T38] 1 lock held by syz-executor/19625: [ 923.283611][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283650][ T38] 1 lock held by syz-executor/19628: [ 923.283660][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283699][ T38] 1 lock held by syz-executor/19631: [ 923.283709][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283748][ T38] 1 lock held by syz-executor/19634: [ 923.283758][ T38] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 923.283796][ T38] [ 923.283800][ T38] ============================================= [ 923.283800][ T38] [ 923.283817][ T38] NMI backtrace for cpu 0 [ 923.283836][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 923.283882][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 923.283903][ T38] Call Trace: [ 923.283910][ T38] [ 923.283917][ T38] dump_stack_lvl+0x189/0x250 [ 923.283944][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 923.283966][ T38] ? __pfx__printk+0x10/0x10 [ 923.283997][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 923.284019][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 923.284040][ T38] ? __pfx__printk+0x10/0x10 [ 923.284063][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 923.284085][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 923.284107][ T38] watchdog+0xf93/0xfe0 [ 923.284132][ T38] ? watchdog+0x1de/0xfe0 [ 923.284158][ T38] kthread+0x70e/0x8a0 [ 923.284185][ T38] ? __pfx_watchdog+0x10/0x10 [ 923.284204][ T38] ? __pfx_kthread+0x10/0x10 [ 923.284231][ T38] ? __pfx_kthread+0x10/0x10 [ 923.284255][ T38] ret_from_fork+0x3f9/0x770 [ 923.284278][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 923.284305][ T38] ? __switch_to_asm+0x39/0x70 [ 923.284320][ T38] ? __switch_to_asm+0x33/0x70 [ 923.284334][ T38] ? __pfx_kthread+0x10/0x10 [ 923.284357][ T38] ret_from_fork_asm+0x1a/0x30 [ 923.284389][ T38] [ 923.284395][ T38] Sending NMI from CPU 0 to CPUs 1: [ 923.284420][ C1] NMI backtrace for cpu 1 [ 923.284434][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 923.284453][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 923.284462][ C1] RIP: 0010:__lock_acquire+0x460/0xd20 [ 923.284486][ C1] Code: ff ff ff 0f 4c e9 ff c5 45 8d 7c 24 01 49 ff cc 44 89 f9 83 c1 fe 78 44 44 89 e3 81 e3 ff ff ff 7f 83 f9 31 73 1d 48 8d 0c 9b <8b> 8c cf 40 0b 00 00 31 c1 41 ff cf 49 ff cc f7 c1 00 60 00 00 74 [ 923.284501][ C1] RSP: 0018:ffffc90000a3e048 EFLAGS: 00000097 [ 923.284515][ C1] RAX: 000000000002000b RBX: 0000000000000000 RCX: 0000000000000000 [ 923.284526][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88801c6b1dc0 [ 923.284536][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8172b165 [ 923.284547][ C1] R10: ffffc90000a3e298 R11: ffffffff81aae2f0 R12: 0000000000000000 [ 923.284558][ C1] R13: 0000000000000001 R14: ffff88801c6b29f8 R15: 0000000000000002 [ 923.284569][ C1] FS: 0000000000000000(0000) GS:ffff8881269c1000(0000) knlGS:0000000000000000 [ 923.284583][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 923.284595][ C1] CR2: 00007fc4a3fddb12 CR3: 0000000060914000 CR4: 00000000003526f0 [ 923.284610][ C1] Call Trace: [ 923.284616][ C1] [ 923.284627][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284648][ C1] lock_acquire+0x120/0x360 [ 923.284667][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284691][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284712][ C1] ? get_page_from_freelist+0x2119/0x21b0 [ 923.284728][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284749][ C1] unwind_next_frame+0xc2/0x2390 [ 923.284769][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284792][ C1] ? unwind_next_frame+0xa5/0x2390 [ 923.284813][ C1] ? post_alloc_hook+0x240/0x2a0 [ 923.284836][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 923.284854][ C1] arch_stack_walk+0x11c/0x150 [ 923.284879][ C1] ? get_page_from_freelist+0x2119/0x21b0 [ 923.284897][ C1] stack_trace_save+0x9c/0xe0 [ 923.284913][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 923.284933][ C1] save_stack+0xf7/0x1f0 [ 923.284953][ C1] ? __pfx_save_stack+0x10/0x10 [ 923.284970][ C1] ? post_alloc_hook+0x240/0x2a0 [ 923.284990][ C1] ? get_page_from_freelist+0x2119/0x21b0 [ 923.285011][ C1] ? seqcount_lockdep_reader_access+0x102/0x180 [ 923.285034][ C1] __set_page_owner+0x8d/0x490 [ 923.285054][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 923.285071][ C1] ? rt_spin_trylock+0xfa/0x180 [ 923.285088][ C1] ? __pfx_migrate_enable+0x10/0x10 [ 923.285110][ C1] post_alloc_hook+0x240/0x2a0 [ 923.285135][ C1] get_page_from_freelist+0x2119/0x21b0 [ 923.285157][ C1] ? do_raw_spin_lock+0x121/0x290 [ 923.285179][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 923.285196][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 923.285216][ C1] ? policy_nodemask+0x28b/0x720 [ 923.285239][ C1] alloc_pages_mpol+0xd1/0x380 [ 923.285261][ C1] allocate_slab+0x8a/0x370 [ 923.285279][ C1] ___slab_alloc+0x8d1/0xdd0 [ 923.285309][ C1] ? dst_alloc+0x105/0x170 [ 923.285325][ C1] ? dst_alloc+0x105/0x170 [ 923.285338][ C1] kmem_cache_alloc_noprof+0xe6/0x310 [ 923.285360][ C1] dst_alloc+0x105/0x170 [ 923.285375][ C1] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 923.285404][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 923.285428][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 923.285450][ C1] ? __lock_acquire+0xab9/0xd20 [ 923.285470][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 923.285497][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 923.285516][ C1] ip_route_output_flow+0x2a/0x150 [ 923.285536][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 923.285553][ C1] ip_route_me_harder+0x6d2/0x1030 [ 923.285574][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 923.285603][ C1] synproxy_send_tcp+0x359/0x6c0 [ 923.285626][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 923.285653][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 923.285673][ C1] ? nft_sock_get_eval_cgroupv2+0x18/0x270 [ 923.285696][ C1] ? synproxy_pernet+0x45/0x270 [ 923.285713][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 923.285738][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 923.285763][ C1] ? nf_ip_checksum+0x13c/0x510 [ 923.285787][ C1] nft_synproxy_do_eval+0x345/0x570 [ 923.285812][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 923.285843][ C1] nft_do_chain+0x40c/0x1920 [ 923.285871][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 923.285896][ C1] ? stack_depot_save_flags+0x40/0x860 [ 923.285921][ C1] ? hsr_forward_skb+0x1ac6/0x2860 [ 923.285940][ C1] ? send_hsr_supervision_frame+0x62f/0xb50 [ 923.285957][ C1] ? hsr_announce+0x1d2/0x360 [ 923.285972][ C1] ? call_timer_fn+0x17b/0x5f0 [ 923.285992][ C1] ? handle_softirqs+0x22f/0x710 [ 923.286009][ C1] ? run_ktimerd+0xcf/0x190 [ 923.286029][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 923.286047][ C1] ? kthread+0x70e/0x8a0 [ 923.286071][ C1] nft_do_chain_inet+0x25d/0x340 [ 923.286093][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 923.286114][ C1] ? __lock_acquire+0xab9/0xd20 [ 923.286138][ C1] ? NF_HOOK+0x9a/0x3a0 [ 923.286156][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 923.286179][ C1] nf_hook_slow+0xc2/0x220 [ 923.286223][ C1] NF_HOOK+0x206/0x3a0 [ 923.286242][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 923.286260][ C1] ? NF_HOOK+0x9a/0x3a0 [ 923.286277][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 923.286299][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 923.286319][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 923.286339][ C1] ? skb_dst+0x4f/0xd0 [ 923.286356][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 923.286376][ C1] NF_HOOK+0x309/0x3a0 [ 923.286395][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 923.286413][ C1] ? NF_HOOK+0x9a/0x3a0 [ 923.286430][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 923.286448][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 923.286471][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 923.286488][ C1] __netif_receive_skb+0x143/0x380 [ 923.286505][ C1] ? rt_spin_unlock+0x65/0x80 [ 923.286523][ C1] ? process_backlog+0x27b/0x900 [ 923.286541][ C1] process_backlog+0x31e/0x900 [ 923.286564][ C1] __napi_poll+0xb3/0x540 [ 923.286582][ C1] net_rx_action+0x707/0xe00 [ 923.286608][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 923.286641][ C1] handle_softirqs+0x22f/0x710 [ 923.286663][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 923.286687][ C1] run_ktimerd+0xcf/0x190 [ 923.286707][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 923.286726][ C1] ? schedule+0x91/0x360 [ 923.286747][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 923.286765][ C1] smpboot_thread_fn+0x53f/0xa60 [ 923.286784][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 923.286807][ C1] kthread+0x70e/0x8a0 [ 923.286829][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 923.286848][ C1] ? __pfx_kthread+0x10/0x10 [ 923.286872][ C1] ? __pfx_kthread+0x10/0x10 [ 923.286894][ C1] ret_from_fork+0x3f9/0x770 [ 923.286914][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 923.286936][ C1] ? __switch_to_asm+0x39/0x70 [ 923.286950][ C1] ? __switch_to_asm+0x33/0x70 [ 923.286965][ C1] ? __pfx_kthread+0x10/0x10 [ 923.286987][ C1] ret_from_fork_asm+0x1a/0x30 [ 923.287009][ C1] [ 923.715331][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 923.715351][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 923.715372][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 923.715383][ T38] Call Trace: [ 923.715391][ T38] [ 923.715400][ T38] dump_stack_lvl+0x99/0x250 [ 923.715429][ T38] ? __asan_memcpy+0x40/0x70 [ 923.715448][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 923.715471][ T38] ? __pfx__printk+0x10/0x10 [ 923.715509][ T38] vpanic+0x281/0x750 [ 923.715535][ T38] ? __pfx_vpanic+0x10/0x10 [ 923.715556][ T38] ? preempt_schedule+0xae/0xc0 [ 923.715579][ T38] ? preempt_schedule_common+0x83/0xd0 [ 923.715606][ T38] panic+0xb9/0xc0 [ 923.715628][ T38] ? __pfx_panic+0x10/0x10 [ 923.715652][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 923.715677][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 923.715700][ T38] watchdog+0xfd2/0xfe0 [ 923.715726][ T38] ? watchdog+0x1de/0xfe0 [ 923.715752][ T38] kthread+0x70e/0x8a0 [ 923.715779][ T38] ? __pfx_watchdog+0x10/0x10 [ 923.715799][ T38] ? __pfx_kthread+0x10/0x10 [ 923.715826][ T38] ? __pfx_kthread+0x10/0x10 [ 923.715850][ T38] ret_from_fork+0x3f9/0x770 [ 923.715874][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 923.715901][ T38] ? __switch_to_asm+0x39/0x70 [ 923.715916][ T38] ? __switch_to_asm+0x33/0x70 [ 923.715931][ T38] ? __pfx_kthread+0x10/0x10 [ 923.715955][ T38] ret_from_fork_asm+0x1a/0x30 [ 923.715987][ T38] [ 923.716305][ T38] Kernel Offset: disabled