last executing test programs: 8m57.745446549s ago: executing program 3 (id=271): syz_emit_ethernet(0x4e, &(0x7f0000000180)=ANY=[], 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='cdg', 0x3) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 8m53.608779757s ago: executing program 3 (id=286): r0 = open(0x0, 0x1c1c01, 0x80) getdents(r0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x44}}, 0x40004) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x201) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) timer_create(0x1, &(0x7f0000000800)={0x0, 0x14, 0x4}, &(0x7f0000000000)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048014) sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) shutdown(r2, 0x1) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r3 = syz_io_uring_setup(0x106, 0x0, &(0x7f00000003c0)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x29c780}) io_uring_enter(r3, 0x203516, 0x4addf, 0x2, 0x0, 0x0) 8m51.270997827s ago: executing program 3 (id=290): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/11], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140)={'#! ', './file0', [{0x20, '\x00'}, {0x20, 'kmem_cache_free\x00'}, {0x20, 'GPL\x00'}, {0x20, '%'}], 0xa, "de0a842a419030f3fe661c675d422849659783877a8db73e7821ff2c254c05ac11e46555dcef54377485dcabf856ec3877221f5efcd905becc59b2afc2bab36b69a24952e13934b3b9eadda2b42374099800b57c70de035c7a20303506058b1f340ff2be38f32807"}, 0x8d) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r2, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 8m50.85789641s ago: executing program 3 (id=295): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@updpolicy={0xcc, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, @in6=@dev={0xfe, 0x80, '\x00', 0x11}, 0xfffe, 0x400, 0x1000, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3}}, [@mark={0xc, 0x15, {0x35075b, 0x100}}, @XFRMA_IF_ID={0x8, 0x1f, 0x2}]}, 0xcc}}, 0x0) 8m49.416167648s ago: executing program 3 (id=298): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000074"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000181200", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r1}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r5, 0x1, 0x3c, 0x0, 0x0) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x8011, 0x0) 8m47.653774014s ago: executing program 3 (id=302): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f00000005c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) eventfd2(0x3, 0x80000) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x2}}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)={0x28, r6, 0xe6e964277ae08d57, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x40080) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc1}, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) 8m32.545467378s ago: executing program 32 (id=302): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f00000005c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x94) eventfd2(0x3, 0x80000) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e22, 0x2}}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000003140)={&(0x7f0000003080)={0x28, r6, 0xe6e964277ae08d57, 0x70bd2d, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040000}, 0x40080) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc1}, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@mcast1}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}, {}, {}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0) 2m8.528669864s ago: executing program 0 (id=2303): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000004bc0)=""/68, 0x44}], 0x1, 0x8000, 0x0) 2m6.103854752s ago: executing program 0 (id=2307): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e0000000000000005"], 0x48) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000140)) 2m4.464534464s ago: executing program 0 (id=2312): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) recvmmsg(r0, &(0x7f0000005180), 0x400000000000166, 0x1a000, 0x0) 1m57.653031241s ago: executing program 0 (id=2315): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSSOFTCAR(r0, 0x5432, 0x0) 1m55.83154163s ago: executing program 0 (id=2319): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a32000000001400048008000240326565a708000140000000000900010073797a300000000048000000060a010400000000000000000100000008000b40000000000900010073797a3000000000200004801c0001800b00010072656a"], 0xd0}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000027c0000040000000c"], 0x528}, 0x1, 0x0, 0x0, 0x4000}, 0xc000) 1m55.071217418s ago: executing program 0 (id=2321): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0xe8902, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 1m42.306277858s ago: executing program 4 (id=2341): semop(0x0, &(0x7f00000002c0)=[{0x0, 0x9b6a}], 0x1) semop(0x0, &(0x7f0000000200), 0x53) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) 1m39.850148344s ago: executing program 33 (id=2321): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0xe8902, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)) 1m38.544908564s ago: executing program 4 (id=2345): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), r0) sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x14, r1, 0x301, 0x70bd27, 0x25dfdbfc}, 0x14}}, 0x40004) 1m38.544591246s ago: executing program 1 (id=2346): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) 1m38.113121776s ago: executing program 4 (id=2348): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) 1m37.227926104s ago: executing program 1 (id=2350): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000140)) 1m35.879427916s ago: executing program 1 (id=2352): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r0, 0xac926000) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) 1m35.69019521s ago: executing program 4 (id=2353): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x101) write$FUSE_INIT(r0, &(0x7f0000000000)={0x50, 0xfffffffffffffffe, 0x0, {0x7, 0x2b, 0xf3f1, 0x10020802, 0x6, 0x5, 0xfffffffb, 0xfffffff7, 0x0, 0x0, 0x1, 0x10001}}, 0x50) ppoll(&(0x7f00000001c0)=[{r0, 0x2002}], 0x1, &(0x7f0000002640)={0x0, 0x3938700}, 0x0, 0x0) 1m34.698704726s ago: executing program 1 (id=2354): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {0x0, 0x1}, {0x10, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x200440c0}, 0x4008804) 1m34.241250506s ago: executing program 1 (id=2356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 1m33.236892553s ago: executing program 1 (id=2359): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, 0x0) 1m31.883717389s ago: executing program 4 (id=2360): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd700100000000030000005800018044000400200001000a00000000000000fe800000000000000000000000000010f8000000200002000a00000000000005ff64c100000000000000000000000001000000000d0001007564703a73"], 0x6c}}, 0x0) 1m29.831628387s ago: executing program 4 (id=2363): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000000)={0x3, &(0x7f00000005c0)=[{0x2, 0x0, 0x3, 0xb}, {0x20}, {0x16, 0x0, 0x1, 0xfffffffe}]}) 1m20.494307375s ago: executing program 5 (id=2370): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0x8000, 0x2, 0x5, 0x3, 0x1000, 0x0, 0xd2d, 0x8}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 1m17.7076063s ago: executing program 34 (id=2359): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, 0x0) 1m16.246446163s ago: executing program 5 (id=2374): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000020000100ecc2000000000000020020000000000100000000140003006c6f0000000000000000000000000000080002"], 0x38}, 0x1, 0x0, 0x0, 0x40008c4}, 0x8000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m14.66523607s ago: executing program 5 (id=2375): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0xd, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x5423, 0x0) 1m13.70348994s ago: executing program 35 (id=2363): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000000)={0x3, &(0x7f00000005c0)=[{0x2, 0x0, 0x3, 0xb}, {0x20}, {0x16, 0x0, 0x1, 0xfffffffe}]}) 1m11.373398627s ago: executing program 5 (id=2379): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = gettid() sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0085000000000000140012800900010076657468000400000000028008001300", @ANYRES32=r1], 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000) 1m7.447905023s ago: executing program 5 (id=2380): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f30455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) 1m5.499439019s ago: executing program 5 (id=2382): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x15001}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x5d07}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x48}}, 0x0) 48.479751959s ago: executing program 36 (id=2382): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x15001}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x5d07}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x48}}, 0x0) 38.775211953s ago: executing program 2 (id=2392): unshare(0x400) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x2c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 34.596961802s ago: executing program 2 (id=2393): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x30]}}}}]}) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 31.574837711s ago: executing program 2 (id=2394): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x6, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @random="97000000000f", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0xd, @remote, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 28.263883045s ago: executing program 2 (id=2395): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4) syz_emit_ethernet(0x4e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x18, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}, 0x0) 20.806652609s ago: executing program 2 (id=2396): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x49) sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0xd}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27050200420014000600002fb96dbcf706e10500070088a8000088a8", 0x58}, {&(0x7f0000000440)="c16d88a8af3295a8eef1", 0xa}], 0x2}, 0x0) 16.635672718s ago: executing program 2 (id=2397): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) 0s ago: executing program 37 (id=2397): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) kernel console output (not intermixed with test programs): th: hci5: link tx timeout [ 276.496758][ T5802] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 276.497506][ T5802] Bluetooth: hci5: link tx timeout [ 276.497555][ T5802] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 276.497946][ T5802] Bluetooth: hci5: link tx timeout [ 276.497991][ T5802] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 276.498476][ T5802] Bluetooth: hci5: link tx timeout [ 276.498488][ T5802] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 277.489562][ T7529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.529'. [ 277.666215][ T7537] overlayfs: missing 'lowerdir' [ 278.139883][ T7548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.532'. [ 279.018026][ T5802] Bluetooth: hci5: command 0x0406 tx timeout [ 279.721728][ T5959] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 279.778608][ T7050] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 279.850508][ T7050] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 280.821376][ T5959] usb 3-1: Using ep0 maxpacket: 8 [ 280.895272][ T5959] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 280.895303][ T5959] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 280.895327][ T5959] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 280.895348][ T5959] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 280.895385][ T5959] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 280.895405][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.958504][ T7050] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 281.117372][ T7050] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 282.194319][ T5959] usb 3-1: usb_control_msg returned -71 [ 282.194365][ T5959] usbtmc 3-1:16.0: can't read capabilities [ 282.239837][ T5959] usb 3-1: USB disconnect, device number 6 [ 282.318523][ T7050] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.387676][ T7050] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.402238][ T7611] libceph: resolve '400' (ret=-3): failed [ 282.466338][ T6226] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.466547][ T6226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.538794][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.538946][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.753670][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.553'. [ 282.753695][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.0.553'. [ 282.753711][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.0.553'. [ 283.085580][ T7624] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 288.865642][ T7643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.558'. [ 289.493373][ T7662] netlink: 'syz.2.565': attribute type 1 has an invalid length. [ 289.493393][ T7662] netlink: 10916 bytes leftover after parsing attributes in process `syz.2.565'. [ 289.493559][ T7662] nbd: couldn't find device at index 53 [ 290.667630][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 290.691948][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 290.693301][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 290.694804][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 290.705351][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 292.731931][ T5802] Bluetooth: hci2: command tx timeout [ 293.764659][ T7677] chnl_net:caif_netlink_parms(): no params data found [ 294.813176][ T5802] Bluetooth: hci2: command tx timeout [ 294.814539][ T7802] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠rXY (pid: 7802 comm: syz.4.611) [ 294.833876][ T37] audit: type=1800 audit(2000000050.420:17): pid=7802 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.611" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0727F185805599819 dev="mqueue" ino=15003 res=0 errno=0 [ 296.149149][ T7814] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 297.842327][ T7859] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 297.895643][ T5804] Bluetooth: hci2: command tx timeout [ 298.658922][ T7677] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.659102][ T7677] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.659299][ T7677] bridge_slave_0: entered allmulticast mode [ 298.689244][ T7677] bridge_slave_0: entered promiscuous mode [ 298.702688][ T7677] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.702905][ T7677] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.703101][ T7677] bridge_slave_1: entered allmulticast mode [ 298.705844][ T7677] bridge_slave_1: entered promiscuous mode [ 299.932448][ T5804] Bluetooth: hci2: command tx timeout [ 300.134722][ T7677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.139085][ T7677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 300.568759][ T7677] team0: Port device team_slave_0 added [ 300.641850][ T5869] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 300.655006][ T7677] team0: Port device team_slave_1 added [ 300.794545][ T5869] usb 1-1: config index 0 descriptor too short (expected 65188, got 149) [ 300.794573][ T5869] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.797686][ T5869] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 300.797712][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.797730][ T5869] usb 1-1: Product: syz [ 300.797742][ T5869] usb 1-1: Manufacturer: syz [ 300.797755][ T5869] usb 1-1: SerialNumber: syz [ 300.850131][ T7913] binder: 7912:7913 ioctl 400c620e 200000000000 returned -22 [ 300.924084][ T5869] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 300.991752][ T6493] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 301.013650][ T5862] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 301.151012][ T6493] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.02 [ 301.151043][ T6493] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.151063][ T6493] usb 2-1: Product: syz [ 301.151076][ T6493] usb 2-1: Manufacturer: syz [ 301.151162][ T6493] usb 2-1: SerialNumber: syz [ 301.207704][ T6493] usb 2-1: config 0 descriptor?? [ 301.231117][ T37] audit: type=1326 audit(2000000056.830:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7916 comm="syz.4.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 301.260983][ T7898] random: crng reseeded on system resumption [ 301.284239][ T37] audit: type=1326 audit(2000000056.860:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7916 comm="syz.4.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 301.284294][ T37] audit: type=1326 audit(2000000056.870:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7916 comm="syz.4.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 301.284337][ T37] audit: type=1326 audit(2000000056.870:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7916 comm="syz.4.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 301.284379][ T37] audit: type=1326 audit(2000000056.870:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7916 comm="syz.4.653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 301.383288][ T5898] usb 1-1: USB disconnect, device number 5 [ 301.458657][ T6493] hso 2-1:0.0: Failed to find BULK IN ep [ 301.593489][ T7677] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.593505][ T7677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 301.593529][ T7677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.620396][ T7677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.620411][ T7677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 301.620435][ T7677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.649844][ T5917] usb 2-1: USB disconnect, device number 6 [ 301.715490][ T7923] netlink: 'syz.4.656': attribute type 1 has an invalid length. [ 301.715510][ T7923] netlink: 244 bytes leftover after parsing attributes in process `syz.4.656'. [ 301.993221][ T43] bridge_slave_1: left allmulticast mode [ 301.993245][ T43] bridge_slave_1: left promiscuous mode [ 301.993525][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.092413][ T5862] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 302.092935][ T5862] ath9k_htc: Failed to initialize the device [ 302.096031][ T5898] usb 1-1: ath9k_htc: USB layer deinitialized [ 302.124272][ T43] bridge_slave_0: left allmulticast mode [ 302.124297][ T43] bridge_slave_0: left promiscuous mode [ 302.124535][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.709674][ T7945] binder: 7944:7945 ioctl c0306201 2000000001c0 returned -22 [ 306.409949][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.492825][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.514407][ T43] bond0 (unregistering): Released all slaves [ 306.688909][ T7677] hsr_slave_0: entered promiscuous mode [ 306.697012][ T7677] hsr_slave_1: entered promiscuous mode [ 306.707071][ T7677] debugfs: 'hsr0' already exists in 'hsr' [ 306.707095][ T7677] Cannot create hsr debugfs directory [ 306.837456][ T5804] Bluetooth: hci3: unexpected event for opcode 0x2041 [ 307.881920][ T43] hsr_slave_0: left promiscuous mode [ 308.051852][ T5959] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 308.091989][ T43] hsr_slave_1: left promiscuous mode [ 308.093069][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 308.141825][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 308.204709][ T5959] usb 1-1: Using ep0 maxpacket: 16 [ 308.208235][ T5959] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 308.208257][ T5959] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 308.213987][ T5959] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 308.214012][ T5959] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.214030][ T5959] usb 1-1: Product: syz [ 308.214043][ T5959] usb 1-1: Manufacturer: syz [ 308.214056][ T5959] usb 1-1: SerialNumber: syz [ 308.561790][ T5898] libceph: connect (1)[c::]:6789 error -101 [ 308.565005][ T5898] libceph: mon0 (1)[c::]:6789 connect error [ 308.575738][ T5898] libceph: connect (1)[c::]:6789 error -101 [ 308.576036][ T5898] libceph: mon0 (1)[c::]:6789 connect error [ 308.643669][ T5959] usb 1-1: cannot find UAC_HEADER [ 308.740184][ T7992] ceph: No mds server is up or the cluster is laggy [ 308.847200][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 308.847482][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 308.860280][ T5959] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 308.880348][ T5959] usb 1-1: USB disconnect, device number 6 [ 308.980474][ T7442] udevd[7442]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 309.773459][ T43] team0 (unregistering): Port device team_slave_1 removed [ 309.973397][ T43] team0 (unregistering): Port device team_slave_0 removed [ 311.824216][ T7988] veth1_to_bond: entered promiscuous mode [ 311.837542][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.689'. [ 312.120886][ T37] audit: type=1326 audit(2000000067.720:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8016 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 312.120953][ T37] audit: type=1326 audit(2000000067.720:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8016 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 312.206006][ T37] audit: type=1326 audit(2000000067.810:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8016 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 312.206126][ T37] audit: type=1326 audit(2000000067.810:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8016 comm="syz.4.695" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 314.280966][ C0] vkms_vblank_simulate: vblank timer overrun [ 314.510998][ C0] vkms_vblank_simulate: vblank timer overrun [ 317.224874][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.224972][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.035151][ T8082] netlink: 'syz.2.716': attribute type 1 has an invalid length. [ 319.035185][ T8082] netlink: 'syz.2.716': attribute type 1 has an invalid length. [ 319.586437][ T8105] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.725'. [ 320.871802][ T995] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 321.174568][ T995] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 321.174594][ T995] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 321.174612][ T995] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 321.174630][ T995] usb 1-1: config 1 has no interface number 0 [ 321.174662][ T995] usb 1-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 321.174700][ T995] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 321.177885][ T995] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 321.177909][ T995] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.177927][ T995] usb 1-1: Product: syz [ 321.177940][ T995] usb 1-1: Manufacturer: syz [ 321.177953][ T995] usb 1-1: SerialNumber: syz [ 321.795038][ T50] usb 1-1: USB disconnect, device number 7 [ 321.865780][ T8136] netlink: 44 bytes leftover after parsing attributes in process `syz.4.734'. [ 321.865805][ T8136] netlink: 43 bytes leftover after parsing attributes in process `syz.4.734'. [ 321.865819][ T8136] netlink: 'syz.4.734': attribute type 5 has an invalid length. [ 321.865831][ T8136] netlink: 43 bytes leftover after parsing attributes in process `syz.4.734'. [ 322.009911][ T8138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.733'. [ 322.761280][ T7677] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 322.890766][ T7677] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 323.032691][ T7677] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 323.084960][ T8145] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 323.085281][ T8145] block device autoloading is deprecated and will be removed. [ 323.134154][ T7677] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 323.316266][ T8158] netlink: 16 bytes leftover after parsing attributes in process `syz.0.738'. [ 323.712820][ T7677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 323.825120][ T7677] 8021q: adding VLAN 0 to HW filter on device team0 [ 323.863455][ T1747] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.863640][ T1747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.678056][ T8180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.746'. [ 325.645375][ T3580] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.646547][ T3580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.705215][ T7677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.966818][ T7677] veth0_vlan: entered promiscuous mode [ 328.017576][ T7677] veth1_vlan: entered promiscuous mode [ 328.846009][ T7677] veth0_macvtap: entered promiscuous mode [ 328.862268][ T7677] veth1_macvtap: entered promiscuous mode [ 329.067961][ T7677] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 329.126791][ T7677] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 329.210176][ T1285] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.210223][ T1285] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.210257][ T1285] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.210290][ T1285] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 329.268900][ T8257] netlink: 288 bytes leftover after parsing attributes in process `syz.4.766'. [ 330.345536][ T8268] netlink: 'syz.4.769': attribute type 13 has an invalid length. [ 330.667671][ T8268] gretap0: refused to change device tx_queue_len [ 330.667692][ T8268] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 330.988028][ T6249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.988047][ T6249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.118619][ T1285] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.118637][ T1285] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.224919][ T5862] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 335.383259][ T5862] usb 6-1: Using ep0 maxpacket: 8 [ 335.386173][ T5862] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 335.386202][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 335.386224][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 335.386245][ T5862] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 335.386284][ T5862] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 335.386305][ T5862] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.602292][ T8393] net veth1_virt_wifi : renamed from virt_wifi0 [ 335.655789][ T5862] usb 6-1: usb_control_msg returned -71 [ 335.655836][ T5862] usbtmc 6-1:16.0: can't read capabilities [ 335.717227][ T5862] usb 6-1: USB disconnect, device number 2 [ 336.374794][ T50] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 336.399426][ T5804] Bluetooth: hci2: link tx timeout [ 336.399678][ T5804] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.428079][ T5802] Bluetooth: hci2: link tx timeout [ 336.428095][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.428767][ T5802] Bluetooth: hci2: link tx timeout [ 336.428834][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.430080][ T5802] Bluetooth: hci2: link tx timeout [ 336.430136][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.430750][ T5802] Bluetooth: hci2: link tx timeout [ 336.430819][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.431490][ T5802] Bluetooth: hci2: link tx timeout [ 336.431548][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.432257][ T5802] Bluetooth: hci2: link tx timeout [ 336.432270][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.432938][ T5802] Bluetooth: hci2: link tx timeout [ 336.433005][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.433460][ T5802] Bluetooth: hci2: link tx timeout [ 336.433517][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.436096][ T5802] Bluetooth: hci2: link tx timeout [ 336.436110][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.436803][ T5802] Bluetooth: hci2: link tx timeout [ 336.436871][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.437318][ T5802] Bluetooth: hci2: link tx timeout [ 336.437374][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.438079][ T5802] Bluetooth: hci2: link tx timeout [ 336.438091][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.438869][ T5802] Bluetooth: hci2: link tx timeout [ 336.438926][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.439373][ T5802] Bluetooth: hci2: link tx timeout [ 336.439424][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.440828][ T5802] Bluetooth: hci2: link tx timeout [ 336.440841][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.441504][ T5802] Bluetooth: hci2: link tx timeout [ 336.441516][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 336.533123][ T50] usb 3-1: Using ep0 maxpacket: 8 [ 336.552440][ T50] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 336.552484][ T50] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 336.552572][ T50] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 336.552595][ T50] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 336.552636][ T50] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 336.552657][ T50] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.867096][ T50] usb 3-1: usb_control_msg returned -71 [ 336.867286][ T50] usbtmc 3-1:16.0: can't read capabilities [ 337.156115][ T50] usb 3-1: USB disconnect, device number 7 [ 337.519659][ T5802] Bluetooth: hci2: link tx timeout [ 337.519678][ T5802] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 337.981850][ T5898] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 338.136094][ T5898] usb 5-1: config 0 has an invalid interface number: 122 but max is 0 [ 338.136121][ T5898] usb 5-1: config 0 has no interface number 0 [ 338.136153][ T5898] usb 5-1: config 0 interface 122 has no altsetting 0 [ 338.164244][ T5898] usb 5-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67 [ 338.164270][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.164289][ T5898] usb 5-1: Product: syz [ 338.164303][ T5898] usb 5-1: Manufacturer: syz [ 338.164316][ T5898] usb 5-1: SerialNumber: syz [ 338.501852][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 338.506987][ T5898] usb 5-1: config 0 descriptor?? [ 339.038198][ T5898] usb 5-1: USB disconnect, device number 5 [ 339.039365][ T5898] dvb-usb: generic DVB-USB module successfully deinitialized and disconnected. [ 339.414958][ T50] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 339.721781][ T50] usb 3-1: Using ep0 maxpacket: 8 [ 339.724418][ T50] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 339.724449][ T50] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 339.724473][ T50] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 339.724495][ T50] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 339.724535][ T50] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 339.724557][ T50] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.712043][ T50] usb 3-1: usb_control_msg returned -71 [ 340.712089][ T50] usbtmc 3-1:16.0: can't read capabilities [ 340.758241][ T50] usb 3-1: USB disconnect, device number 8 [ 341.010983][ T8496] misc userio: No port type given on /dev/userio [ 341.888854][ T5804] Bluetooth: hci2: unexpected event for opcode 0x0c03 [ 343.396713][ T8561] netlink: 'syz.1.875': attribute type 10 has an invalid length. [ 343.416764][ T8561] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 344.114980][ T8566] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 344.195730][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.878'. [ 344.195764][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.878'. [ 344.195792][ T8571] netlink: 2 bytes leftover after parsing attributes in process `syz.2.878'. [ 346.181677][ T8617] netlink: 4 bytes leftover after parsing attributes in process `syz.5.890'. [ 348.368307][ T8643] tmpfs: Bad value for 'mpol' [ 349.723356][ T5862] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 349.798000][ T8668] netlink: 4 bytes leftover after parsing attributes in process `syz.2.909'. [ 350.098864][ T5862] usb 6-1: Using ep0 maxpacket: 8 [ 350.615338][ T5862] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 350.615371][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 350.615394][ T5862] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 350.615416][ T5862] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 350.615456][ T5862] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 350.615477][ T5862] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.075951][ T5862] usb 6-1: usb_control_msg returned -71 [ 351.075998][ T5862] usbtmc 6-1:16.0: can't read capabilities [ 351.113468][ T5862] usb 6-1: USB disconnect, device number 3 [ 351.445124][ T37] audit: type=1326 audit(2000000107.050:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8689 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 351.450091][ T37] audit: type=1326 audit(2000000107.050:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8689 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 351.496375][ T37] audit: type=1326 audit(2000000107.100:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8689 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 351.496684][ T37] audit: type=1326 audit(2000000107.100:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8689 comm="syz.0.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 351.786635][ T8699] netlink: 132 bytes leftover after parsing attributes in process `syz.1.918'. [ 352.199240][ T8711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.920'. [ 354.352003][ T8735] netlink: 'syz.5.929': attribute type 1 has an invalid length. [ 354.352024][ T8735] netlink: 224 bytes leftover after parsing attributes in process `syz.5.929'. [ 354.352039][ T8735] netlink: 8 bytes leftover after parsing attributes in process `syz.5.929'. [ 354.570008][ T8742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.926'. [ 355.761952][ T8751] netlink: zone id is out of range [ 355.761966][ T8751] netlink: zone id is out of range [ 355.761974][ T8751] netlink: zone id is out of range [ 355.761982][ T8751] netlink: zone id is out of range [ 355.761989][ T8751] netlink: zone id is out of range [ 355.761996][ T8751] netlink: zone id is out of range [ 355.762002][ T8751] netlink: zone id is out of range [ 355.762010][ T8751] netlink: zone id is out of range [ 355.762017][ T8751] netlink: zone id is out of range [ 355.762024][ T8751] netlink: zone id is out of range [ 357.527702][ T37] audit: type=1326 audit(2000000113.130:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.2.942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 357.528019][ T37] audit: type=1326 audit(2000000113.130:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.2.942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 357.530203][ T37] audit: type=1326 audit(2000000113.130:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.2.942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 357.530480][ T37] audit: type=1326 audit(2000000113.130:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.2.942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 357.642026][ T37] audit: type=1326 audit(2000000113.130:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8783 comm="syz.2.942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 357.870406][ C0] vkms_vblank_simulate: vblank timer overrun [ 358.000086][ C0] vkms_vblank_simulate: vblank timer overrun [ 358.122668][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.0.945'. [ 358.953650][ C0] vkms_vblank_simulate: vblank timer overrun [ 359.158228][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.244997][ T8821] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 360.510033][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.715857][ T8833] vti0: entered promiscuous mode [ 360.715887][ T8833] vti0: entered allmulticast mode [ 361.171933][ T8854] netlink: 68 bytes leftover after parsing attributes in process `syz.5.966'. [ 361.171959][ T8854] netlink: 68 bytes leftover after parsing attributes in process `syz.5.966'. [ 361.171975][ T8854] netlink: 10 bytes leftover after parsing attributes in process `syz.5.966'. [ 361.289621][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.455827][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.964'. [ 361.874604][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.063328][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.206430][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.403422][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.826755][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.289545][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.742259][ T5862] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 365.591764][ T5862] usb 5-1: Using ep0 maxpacket: 32 [ 365.595438][ T5862] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 365.595466][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 365.595490][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 365.595510][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 365.598560][ T5862] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 365.598585][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.598604][ T5862] usb 5-1: Product: syz [ 365.598617][ T5862] usb 5-1: Manufacturer: syz [ 365.598632][ T5862] usb 5-1: SerialNumber: syz [ 365.644223][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.711787][ T5791] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 365.714860][ T5917] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 365.741272][ T5862] usb 5-1: config 0 descriptor?? [ 365.869647][ C0] vkms_vblank_simulate: vblank timer overrun [ 365.892063][ T5791] usb 3-1: Using ep0 maxpacket: 16 [ 365.892607][ T5917] usb 1-1: Using ep0 maxpacket: 8 [ 365.896658][ T5917] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 365.896714][ T5917] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 365.896735][ T5917] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 365.896758][ T5917] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 365.896780][ T5917] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 365.896819][ T5917] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 365.896841][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.908005][ T5791] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 365.908031][ T5791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.908050][ T5791] usb 3-1: Product: syz [ 365.908063][ T5791] usb 3-1: Manufacturer: syz [ 365.908077][ T5791] usb 3-1: SerialNumber: syz [ 365.979308][ T5791] r8152-cfgselector 3-1: Unknown version 0x0000 [ 365.979395][ T5791] r8152-cfgselector 3-1: config 0 descriptor?? [ 366.165761][ T8916] netlink: 4 bytes leftover after parsing attributes in process `syz.1.983'. [ 366.941744][ C0] vkms_vblank_simulate: vblank timer overrun [ 366.946654][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.947113][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.947561][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.948776][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.952166][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.952583][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.953013][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.953461][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.953894][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.954331][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.954760][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.955196][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.958815][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 366.977093][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.019368][ T5791] r8152-cfgselector 3-1: Unknown version 0x0000 [ 367.021798][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.048162][ T5791] r8152-cfgselector 3-1: bad CDC descriptors [ 367.080232][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.081301][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.093862][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.094396][ T5862] iforce 5-1:0.0: usb_submit_urb failed: -71 [ 367.094446][ T5862] input input13: Timeout waiting for response from device. [ 367.213606][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.234004][ T5791] r8152-cfgselector 3-1: USB disconnect, device number 9 [ 367.266926][ T5862] usb 5-1: USB disconnect, device number 6 [ 367.371974][ T5917] usb 1-1: USB disconnect, device number 8 [ 369.077633][ T5791] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 370.261219][ T5791] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 370.261252][ T5791] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 370.261282][ T5791] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 370.261321][ T5791] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 370.261342][ T5791] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.325817][ T5791] usb 6-1: config 0 descriptor?? [ 370.335977][ T8969] net_ratelimit: 333 callbacks suppressed [ 370.335993][ T8969] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 370.409994][ T5791] em28xx 6-1:0.0: New device @ 480 Mbps (2040:1605, interface 0, class 0) [ 370.410023][ T5791] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 370.652080][ T5791] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 370.652427][ T5791] em28xx 6-1:0.0: Config register raw data: 0xfffffffb [ 370.653030][ T5791] em28xx 6-1:0.0: AC97 chip type couldn't be determined [ 370.653039][ T5791] em28xx 6-1:0.0: No AC97 audio processor [ 370.741912][ T5791] usb 6-1: USB disconnect, device number 4 [ 370.745841][ T5791] em28xx 6-1:0.0: Disconnecting em28xx [ 370.771861][ T5862] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 370.791312][ T5791] em28xx 6-1:0.0: Freeing device [ 370.921874][ T5862] usb 5-1: Using ep0 maxpacket: 32 [ 370.924472][ T5862] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 370.924495][ T5862] usb 5-1: config 0 has no interface number 0 [ 370.924543][ T5862] usb 5-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 370.924563][ T5862] usb 5-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 370.928213][ T5862] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 370.928239][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.928257][ T5862] usb 5-1: Product: syz [ 370.928270][ T5862] usb 5-1: Manufacturer: syz [ 370.928283][ T5862] usb 5-1: SerialNumber: syz [ 370.940568][ T5862] usb 5-1: config 0 descriptor?? [ 370.949668][ T5862] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 371.086205][ T8971] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1006'. [ 371.564035][ T5862] usb 5-1: qt2_setup_urbs - submit read urb failed -90 [ 371.564377][ T5862] quatech2 5-1:0.51: probe with driver quatech2 failed with error -90 [ 371.773875][ T995] usb 5-1: USB disconnect, device number 7 [ 372.785832][ T9010] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1023'. [ 373.248139][ T9026] netlink: 16098 bytes leftover after parsing attributes in process `syz.4.1031'. [ 373.311757][ T5791] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 373.680514][ T5791] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.993071][ T5791] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 373.993100][ T5791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.993110][ T5791] usb 2-1: Product: syz [ 373.993117][ T5791] usb 2-1: Manufacturer: syz [ 373.993124][ T5791] usb 2-1: SerialNumber: syz [ 373.999124][ T5791] usb 2-1: config 0 descriptor?? [ 374.063266][ T5791] CoreChips 2-1:0.0: probe with driver CoreChips failed with error -22 [ 374.264699][ T9031] bond1: entered promiscuous mode [ 374.411911][ T9041] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1036'. [ 374.412453][ T9041] unsupported nlmsg_type 40 [ 375.872909][ T9062] : renamed from batadv_slave_1 (while UP) [ 376.110204][ T5862] usb 2-1: USB disconnect, device number 7 [ 376.872608][ T44] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 377.261841][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 377.264138][ T44] usb 2-1: config 0 has an invalid interface number: 126 but max is 0 [ 377.264163][ T44] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 377.264181][ T44] usb 2-1: config 0 has no interface number 0 [ 377.264228][ T44] usb 2-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 377.264253][ T44] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 377.264279][ T44] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 377.264304][ T44] usb 2-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 26159, setting to 1024 [ 377.264329][ T44] usb 2-1: config 0 interface 126 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 377.264350][ T44] usb 2-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 377.264390][ T44] usb 2-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 377.264411][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.391570][ T44] usb 2-1: config 0 descriptor?? [ 377.402891][ T9083] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 377.403287][ T9083] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 377.457952][ T44] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 377.791860][ T44] usb 2-1: USB disconnect, device number 8 [ 378.742418][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.742489][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.992128][ T6493] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 379.142569][ T6493] usb 1-1: Using ep0 maxpacket: 8 [ 379.144941][ T6493] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 379.144970][ T6493] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 379.144993][ T6493] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 379.145015][ T6493] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 379.145054][ T6493] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 379.145075][ T6493] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.598569][ T6493] usb 1-1: usb_control_msg returned -71 [ 380.598598][ T6493] usbtmc 1-1:16.0: can't read capabilities [ 380.641557][ T6493] usb 1-1: USB disconnect, device number 9 [ 380.745714][ T9133] XFS (nullb0): Invalid superblock magic number [ 382.361884][ T9157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1080'. [ 382.423770][ T9157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1080'. [ 383.982630][ T5862] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 384.631808][ T5862] usb 5-1: Using ep0 maxpacket: 8 [ 384.634246][ T5862] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 384.634276][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 384.634300][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 384.634322][ T5862] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 384.634362][ T5862] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 384.634384][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.953596][ T5862] usb 5-1: usb_control_msg returned -71 [ 385.953645][ T5862] usbtmc 5-1:16.0: can't read capabilities [ 385.981822][ T5862] usb 5-1: USB disconnect, device number 8 [ 386.402088][ T9209] nft_compat: unsupported protocol 1 [ 386.775599][ T9222] netlink: 'syz.1.1108': attribute type 2 has an invalid length. [ 388.302702][ T9261] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1123'. [ 388.611883][ T9261] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1123'. [ 389.553372][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1125'. [ 390.412783][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 390.413708][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 390.420504][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 390.420671][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 390.712009][ T9270] ceph: No mds server is up or the cluster is laggy [ 390.886038][ T10] libceph: connect (1)[c::]:6789 error -101 [ 390.886236][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 391.391957][ T9280] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1128'. [ 391.391978][ T9280] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1128'. [ 391.495228][ T5804] Bluetooth: hci2: link tx timeout [ 391.495247][ T5804] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 392.384550][ T9289] trusted_key: encrypted_key: master key parameter is missing [ 393.212018][ T5802] Bluetooth: hci2: link tx timeout [ 393.212039][ T5802] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa [ 395.927485][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 396.749111][ T9323] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 396.879644][ T50] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 397.647289][ T44] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 398.037210][ T9362] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1159'. [ 398.058321][ T44] usb 2-1: config 0 has an invalid interface number: 235 but max is 0 [ 398.058346][ T44] usb 2-1: config 0 has no interface number 0 [ 398.058419][ T44] usb 2-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid wMaxPacketSize 0 [ 398.058440][ T44] usb 2-1: config 0 interface 235 has no altsetting 0 [ 398.784125][ T44] usb 2-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18 [ 398.784156][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.784176][ T44] usb 2-1: Product: syz [ 398.784190][ T44] usb 2-1: Manufacturer: syz [ 398.784204][ T44] usb 2-1: SerialNumber: syz [ 398.841057][ T44] usb 2-1: config 0 descriptor?? [ 398.866124][ T44] keyspan 2-1:0.235: Keyspan 1 port adapter converter detected [ 398.866876][ T44] keyspan 2-1:0.235: found no endpoint descriptor for endpoint 87 [ 398.866983][ T44] keyspan 2-1:0.235: found no endpoint descriptor for endpoint 7 [ 398.869322][ T44] keyspan 2-1:0.235: found no endpoint descriptor for endpoint 81 [ 398.869417][ T44] keyspan 2-1:0.235: found no endpoint descriptor for endpoint 1 [ 398.869545][ T44] keyspan 2-1:0.235: found no endpoint descriptor for endpoint 85 [ 398.930645][ T44] usb 2-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 399.296836][ T10] usb 2-1: USB disconnect, device number 9 [ 400.202897][ T10] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 400.203966][ T10] keyspan 2-1:0.235: device disconnected [ 400.721448][ T9391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1171'. [ 400.721474][ T9391] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1171'. [ 400.721491][ T9391] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1171'. [ 400.722592][ T9391] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1171'. [ 400.722627][ T9391] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1171'. [ 401.061791][ T995] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 401.218988][ T995] usb 6-1: Using ep0 maxpacket: 16 [ 401.234715][ T995] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 401.234744][ T995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 401.234770][ T995] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 401.242101][ T995] usb 6-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 401.242137][ T995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.242156][ T995] usb 6-1: Product: syz [ 401.242170][ T995] usb 6-1: Manufacturer: syz [ 401.242183][ T995] usb 6-1: SerialNumber: syz [ 401.346079][ T995] usb 6-1: config 0 descriptor?? [ 402.342485][ T995] appledisplay: Apple Cinema Display connected [ 402.681811][ T50] usb 6-1: USB disconnect, device number 5 [ 402.681985][ C0] usb 6-1: appledisplay_complete - usb_submit_urb failed with result -19 [ 402.754104][ T50] appledisplay: Apple Cinema Display disconnected [ 403.293257][ T9448] netlink: 'syz.0.1194': attribute type 1 has an invalid length. [ 404.481152][ T9472] netlink: 'syz.5.1205': attribute type 10 has an invalid length. [ 404.587391][ T9476] overlayfs: failed to resolve './file0': -2 [ 404.743394][ T9472] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 404.913890][ T9490] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1209'. [ 405.035188][ T37] audit: type=1326 audit(2000000160.640:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.037063][ T37] audit: type=1326 audit(2000000160.640:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.040513][ T37] audit: type=1326 audit(2000000160.640:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.040886][ T37] audit: type=1326 audit(2000000160.640:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.041170][ T37] audit: type=1326 audit(2000000160.640:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.041575][ T37] audit: type=1326 audit(2000000160.640:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.041804][ T37] audit: type=1326 audit(2000000160.640:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.072960][ T37] audit: type=1326 audit(2000000160.680:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.073011][ T37] audit: type=1326 audit(2000000160.680:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9494 comm="syz.1.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f62ba9feec9 code=0x7ffc0000 [ 405.312900][ T37] audit: type=1326 audit(2000000160.920:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9496 comm="syz.4.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21297eeec9 code=0x7ffc0000 [ 405.613132][ T9513] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1222'. [ 405.775741][ T9517] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1224'. [ 405.924261][ T9520] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1219'. [ 408.178937][ T5804] Bluetooth: hci2: unexpected event for opcode 0x080d [ 408.238816][ T9546] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1233'. [ 410.529108][ T9564] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1242'. [ 410.529142][ T9564] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1242'. [ 412.074300][ T9593] netlink: 'syz.0.1252': attribute type 10 has an invalid length. [ 412.074324][ T9593] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1252'. [ 412.378374][ T9606] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 412.391057][ T9606] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 413.668581][ T9626] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 414.312761][ T9647] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1273'. [ 414.312786][ T9647] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1273'. [ 414.312803][ T9647] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1273'. [ 414.312817][ T9647] netlink: 'syz.1.1273': attribute type 2 has an invalid length. [ 414.312829][ T9647] netlink: 31 bytes leftover after parsing attributes in process `syz.1.1273'. [ 415.477762][ T9667] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 415.735464][ T9674] netlink: 'syz.5.1282': attribute type 5 has an invalid length. [ 415.735518][ T9674] netlink: 3657 bytes leftover after parsing attributes in process `syz.5.1282'. [ 420.885255][ T9700] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1290'. [ 422.000997][ T9710] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 422.744145][ T9743] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1306'. [ 422.883653][ T9752] syz.2.1309 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 423.051865][ T5791] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 423.231552][ T5791] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 423.231579][ T5791] usb 5-1: config 16 has 1 interface, different from the descriptor's value: 4 [ 423.251281][ T5791] usb 5-1: New USB device found, idVendor=2639, idProduct=0002, bcdDevice=45.93 [ 423.251311][ T5791] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.692631][ T5791] usb 5-1: string descriptor 0 read error: -71 [ 423.710930][ T5791] usb 5-1: USB disconnect, device number 9 [ 423.981905][ T5917] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 424.166250][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 424.166280][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 424.169291][ T5917] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 424.169317][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.169334][ T5917] usb 1-1: Product: syz [ 424.169346][ T5917] usb 1-1: Manufacturer: syz [ 424.169358][ T5917] usb 1-1: SerialNumber: syz [ 424.237876][ T5917] usb 1-1: config 0 descriptor?? [ 424.265355][ T5917] usb 1-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress 07 [ 425.757942][ T9804] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 425.921615][ T5917] usb 1-1: USB disconnect, device number 10 [ 426.663067][ T9808] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 428.681025][ T9848] openvswitch: netlink: Message has 4 unknown bytes. [ 429.464168][ T9855] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 429.735486][ T9864] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1352'. [ 429.735523][ T9864] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1352'. [ 430.265743][ T9883] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1360'. [ 430.265767][ T9883] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1360'. [ 431.477321][ T9902] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 433.202161][ T5804] Bluetooth: hci3: unexpected cc 0x042f length: 9 > 7 [ 433.202207][ T5804] Bluetooth: hci3: unexpected event for opcode 0x042f [ 434.454842][ T5804] Bluetooth: hci1: unexpected event for opcode 0x080f [ 435.146818][ T9979] netlink: 'syz.2.1398': attribute type 1 has an invalid length. [ 435.146855][ T9979] nbd: couldn't find a device at index 393224 [ 437.773581][ T9993] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 437.773607][ T9993] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 437.781283][T10002] vhci_hcd: connection closed [ 437.795151][ T9993] vhci_hcd vhci_hcd.0: Device attached [ 437.801715][ T6540] vhci_hcd: stop threads [ 437.802695][ T6540] vhci_hcd: release socket [ 437.802771][ T6540] vhci_hcd: disconnect device [ 437.830152][T10005] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 437.830290][T10005] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 438.216038][T10019] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1414'. [ 439.002959][ T5802] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 439.003104][ T5802] Bluetooth: hci1: Injecting HCI hardware error event [ 439.005177][ T5117] Bluetooth: hci1: hardware error 0x00 [ 439.383770][T10035] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1415'. [ 439.482142][T10036] binder: 10018:10036 ioctl c0306201 0 returned -14 [ 439.851817][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 440.096853][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.096952][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.076610][ T50] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 441.392411][ T50] usb 6-1: Using ep0 maxpacket: 8 [ 441.421875][ T50] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 441.421909][ T50] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 441.421934][ T50] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 441.421956][ T50] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 441.421998][ T50] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 441.422020][ T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.451820][ T5117] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 441.907663][T10031] binder: 10025:10031 ioctl c0306201 0 returned -14 [ 442.134622][T10074] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1434'. [ 443.107767][T10078] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 443.361514][ T50] usb 6-1: usb_control_msg returned -71 [ 443.361563][ T50] usbtmc 6-1:16.0: can't read capabilities [ 443.504604][ T50] usb 6-1: USB disconnect, device number 6 [ 445.050370][ C0] vkms_vblank_simulate: vblank timer overrun [ 445.937886][T10116] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 446.208896][ C0] vkms_vblank_simulate: vblank timer overrun [ 446.412799][ T50] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 446.572352][ T50] usb 6-1: Using ep0 maxpacket: 8 [ 446.574645][ T50] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 446.577692][ T50] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 446.577717][ T50] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 446.577735][ T50] usb 6-1: Product: syz [ 446.577748][ T50] usb 6-1: Manufacturer: syz [ 446.577761][ T50] usb 6-1: SerialNumber: syz [ 446.851026][ T50] usb 6-1: Handspring Visor / Palm OS: No valid connect info available [ 446.851048][ T50] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 446.851065][ T50] usb 6-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 446.851081][ T50] usb 6-1: Handspring Visor / Palm OS: Number of ports: 2 [ 447.054413][ T50] visor 6-1:1.0: Handspring Visor / Palm OS converter detected [ 447.059902][ T50] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 447.081761][ T44] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 447.107298][ T50] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 447.271798][ T44] usb 5-1: Using ep0 maxpacket: 8 [ 447.274916][ T44] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 447.274946][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 447.274970][ T44] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 447.274993][ T44] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 447.275032][ T44] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 447.275054][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.299719][ T995] usb 6-1: USB disconnect, device number 7 [ 447.332092][ T995] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 447.361594][ T995] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 447.365353][ T995] visor 6-1:1.0: device disconnected [ 448.718898][T10162] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 449.555992][T10180] process 'syz.0.1475' launched '/dev/fd/3' with NULL argv: empty string added [ 449.732298][T10187] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1478'. [ 449.734054][T10185] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1478'. [ 449.779072][ T44] usb 5-1: usb_control_msg returned -71 [ 449.779122][ T44] usbtmc 5-1:16.0: can't read capabilities [ 449.838717][ T44] usb 5-1: USB disconnect, device number 10 [ 450.396585][T10213] capability: warning: `syz.1.1489' uses 32-bit capabilities (legacy support in use) [ 452.450771][T10252] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 452.450797][T10252] CIFS mount error: No usable UNC path provided in device string! [ 452.450797][T10252] [ 452.451056][T10252] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 452.631767][ T6493] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 452.783224][ T6493] usb 5-1: Using ep0 maxpacket: 8 [ 452.790078][ T6493] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 452.790109][ T6493] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 452.790133][ T6493] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 452.790155][ T6493] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 452.790196][ T6493] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 452.790217][ T6493] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.531883][ T6493] usb 5-1: usb_control_msg returned -71 [ 454.531930][ T6493] usbtmc 5-1:16.0: can't read capabilities [ 454.626742][ T6493] usb 5-1: USB disconnect, device number 11 [ 455.250921][T10303] PKCS8: Unsupported PKCS#8 version [ 456.042519][ T6493] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 456.401788][ T6493] usb 2-1: Using ep0 maxpacket: 8 [ 456.410794][ T6493] usb 2-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 456.410824][ T6493] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.410843][ T6493] usb 2-1: Product: syz [ 456.410856][ T6493] usb 2-1: Manufacturer: syz [ 456.410878][ T6493] usb 2-1: SerialNumber: syz [ 456.459903][ T6493] usb 2-1: config 0 descriptor?? [ 456.475473][ T6493] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state. [ 456.481234][ T6493] dvb-usb: bulk message failed: -22 (2/0) [ 457.140476][ T6493] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 457.158696][ T6493] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201)) [ 457.159945][ T6493] usb 2-1: media controller created [ 457.250182][ T6493] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 457.328922][ T6493] dvb-usb: bulk message failed: -22 (1/0) [ 457.386515][ T6493] DVB: Unable to find symbol mt352_attach() [ 457.386549][ T6493] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)' [ 458.341766][ T6493] rc_core: IR keymap rc-dvico-portable not found [ 458.341785][ T6493] Registered IR keymap rc-empty [ 458.344415][ T6493] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 458.348243][ T6493] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input25 [ 458.399873][ T6493] dvb-usb: schedule remote query interval to 100 msecs. [ 458.399896][ T6493] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected. [ 458.424849][ T6493] usb 2-1: USB disconnect, device number 10 [ 458.600586][T10349] program syz.4.1540 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 458.780615][ T6493] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected. [ 459.410460][T10364] veth1_macvtap: left promiscuous mode [ 459.410611][T10364] macsec0: entered promiscuous mode [ 459.644062][ T6493] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 459.891859][T10370] veth1_macvtap: entered promiscuous mode [ 459.892260][T10370] macsec0: left promiscuous mode [ 460.006094][ T6493] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 460.006125][ T6493] usb 1-1: config 0 interface 0 has no altsetting 0 [ 460.009214][ T6493] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 460.009241][ T6493] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.009259][ T6493] usb 1-1: Product: syz [ 460.009273][ T6493] usb 1-1: Manufacturer: syz [ 460.009286][ T6493] usb 1-1: SerialNumber: syz [ 460.098097][ T6493] usb 1-1: config 0 descriptor?? [ 460.163886][ T6493] usb 1-1: selecting invalid altsetting 0 [ 460.273134][T10374] veth0_to_team: entered promiscuous mode [ 460.355564][ T6493] usb 1-1: USB disconnect, device number 11 [ 460.504181][ T9701] udevd[9701]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 460.672568][T10389] program syz.4.1554 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 461.408746][T10424] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1568'. [ 461.408953][T10424] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1568'. [ 461.517019][T10427] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1572'. [ 461.520310][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 461.520326][ T37] audit: type=1326 audit(2000000217.120:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10428 comm="syz.5.1573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 461.520480][ T37] audit: type=1326 audit(2000000217.120:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10428 comm="syz.5.1573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 461.520954][ T37] audit: type=1326 audit(2000000217.120:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10428 comm="syz.5.1573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 461.521165][ T37] audit: type=1326 audit(2000000217.120:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10428 comm="syz.5.1573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 461.521321][ T37] audit: type=1326 audit(2000000217.120:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10428 comm="syz.5.1573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 461.774793][T10441] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1578'. [ 461.950279][T10449] Invalid ELF header magic: != ELF [ 462.223211][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.611505][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.917697][ C1] vkms_vblank_simulate: vblank timer overrun [ 466.461830][ T6493] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 466.498870][T10513] netlink: 'syz.2.1604': attribute type 33 has an invalid length. [ 466.498891][T10513] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1604'. [ 466.498921][T10513] `: renamed from team0 (while UP) [ 466.611812][ T6493] usb 6-1: Using ep0 maxpacket: 8 [ 466.614882][ T6493] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 466.614913][ T6493] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 466.614937][ T6493] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 466.614960][ T6493] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 466.615001][ T6493] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 466.615022][ T6493] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.015003][T10523] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1608'. [ 469.595744][T10567] sctp: [Deprecated]: syz.0.1627 (pid 10567) Use of int in max_burst socket option. [ 469.595744][T10567] Use struct sctp_assoc_value instead [ 470.857908][T10581] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 471.160150][ T995] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 471.301811][ T995] usb 1-1: Using ep0 maxpacket: 16 [ 471.304130][ T995] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid maxpacket 33620, setting to 1024 [ 471.304162][ T995] usb 1-1: config 0 interface 0 has no altsetting 0 [ 471.304196][ T995] usb 1-1: New USB device found, idVendor=056a, idProduct=00cc, bcdDevice= 0.00 [ 471.304218][ T995] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.371842][ T995] usb 1-1: config 0 descriptor?? [ 471.427107][T10594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'. [ 471.792872][ T6493] usb 6-1: usb_control_msg returned -110 [ 471.793947][ T6493] usbtmc 6-1:16.0: can't read capabilities [ 472.404625][ T5862] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 472.641240][ T50] usb 6-1: USB disconnect, device number 8 [ 472.645674][ T5862] usb 3-1: Using ep0 maxpacket: 8 [ 472.648003][ T5862] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 472.648032][ T5862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 472.648056][ T5862] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 472.648077][ T5862] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 472.648125][ T5862] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 472.648147][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.879039][ T995] usb 1-1: USB disconnect, device number 12 [ 474.187095][T10626] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1646'. [ 474.507991][ T5862] usb 3-1: usb_control_msg returned -71 [ 474.508041][ T5862] usbtmc 3-1:16.0: can't read capabilities [ 474.522478][ T5862] usb 3-1: USB disconnect, device number 11 [ 481.314057][ T6493] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 481.611792][ T5117] Bluetooth: hci2: command 0x0406 tx timeout [ 481.662071][ T6493] usb 1-1: Using ep0 maxpacket: 16 [ 482.308600][T10731] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 482.347910][ T6493] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.347947][ T6493] usb 1-1: config 0 interface 0 has no altsetting 0 [ 482.347981][ T6493] usb 1-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 482.348004][ T6493] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.378551][ T6493] usb 1-1: config 0 descriptor?? [ 482.621111][T10733] tty tty1: ldisc open failed (-12), clearing slot 0 [ 482.838937][ T6493] kye 0003:0458:0087.0002: unknown main item tag 0x0 [ 482.838978][ T6493] kye 0003:0458:0087.0002: unknown main item tag 0x0 [ 482.839005][ T6493] kye 0003:0458:0087.0002: unknown main item tag 0x0 [ 482.839030][ T6493] kye 0003:0458:0087.0002: unknown main item tag 0x0 [ 482.839056][ T6493] kye 0003:0458:0087.0002: unknown main item tag 0x0 [ 482.966719][ T6493] kye 0003:0458:0087.0002: hidraw0: USB HID v0.05 Device [HID 0458:0087] on usb-dummy_hcd.0-1/input0 [ 483.008422][ T6493] usb 1-1: USB disconnect, device number 13 [ 483.162950][T10747] fido_id[10747]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 487.429442][T10838] netlink: 'syz.5.1726': attribute type 16 has an invalid length. [ 488.093407][ T5917] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 488.530452][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 488.530484][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.530522][ T5917] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.00 [ 488.530544][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.589792][T10860] Bluetooth: MGMT ver 1.23 [ 488.599870][ T5917] usb 2-1: config 0 descriptor?? [ 488.799642][T10869] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1739'. [ 488.799721][T10869] tc_dump_action: action bad kind [ 488.888074][T10872] syz.5.1741 uses old SIOCAX25GETINFO [ 489.054937][ T5917] ortek 0003:05A4:8003.0003: item fetching failed at offset 5/7 [ 489.056791][ T5917] ortek 0003:05A4:8003.0003: probe with driver ortek failed with error -22 [ 489.267218][ T5917] usb 2-1: USB disconnect, device number 11 [ 490.441814][ T995] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 490.559264][ C1] vkms_vblank_simulate: vblank timer overrun [ 490.604761][ T995] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.604813][ T995] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 490.604869][ T995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.125531][ C1] vkms_vblank_simulate: vblank timer overrun [ 491.579698][ C1] vkms_vblank_simulate: vblank timer overrun [ 491.741026][ C1] vkms_vblank_simulate: vblank timer overrun [ 491.789534][ T995] usb 6-1: config 0 descriptor?? [ 493.239237][ T995] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor [ 493.537152][ T995] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0004/input/input27 [ 494.866844][ T995] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 494.926821][ T995] usb 6-1: USB disconnect, device number 9 [ 495.003190][T10931] fido_id[10931]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 496.121286][T10939] bond1: invalid ARP target 0.0.0.0 specified for addition [ 496.121317][T10939] bond1: option arp_ip_target: invalid value (0) [ 496.269786][T10939] bond1 (unregistering): Released all slaves [ 497.335830][T10965] vim2m vim2m.0: vidioc_s_fmt queue busy [ 497.726964][T10971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.205836][T10971] bond0: (slave rose0): Enslaving as an active interface with an up link [ 498.794045][T10991] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1787'. [ 500.406424][ T37] audit: type=1326 audit(2000000256.010:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.410311][ T37] audit: type=1326 audit(2000000256.010:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.444719][ T37] audit: type=1326 audit(2000000256.050:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.444772][ T37] audit: type=1326 audit(2000000256.050:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.444814][ T37] audit: type=1326 audit(2000000256.050:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.444855][ T37] audit: type=1326 audit(2000000256.050:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.445710][ T37] audit: type=1326 audit(2000000256.050:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 500.445757][ T37] audit: type=1326 audit(2000000256.050:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11025 comm="syz.0.1800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bc6dbeec9 code=0x7ffc0000 [ 501.065414][T11045] genirq: Flags mismatch irq 4. 00202000 (aio_iiro_16) vs. 00202080 (ttyS0) [ 502.158932][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.159004][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.580032][T11077] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 502.839949][T11087] autofs: Bad value for 'fd' [ 503.301143][T11107] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1827'. [ 505.079619][T11138] netlink: 'syz.5.1839': attribute type 11 has an invalid length. [ 505.079640][T11138] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1839'. [ 505.145651][T11143] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1841'. [ 505.270067][T11149] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1843'. [ 506.215926][T11160] block nbd0: not configured, cannot reconfigure [ 506.672567][T11182] random: crng reseeded on system resumption [ 506.767170][T11182] Restarting kernel threads ... [ 506.775469][T11182] Done restarting kernel threads. [ 508.306106][ T6493] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 508.491772][ T6493] usb 6-1: Using ep0 maxpacket: 8 [ 508.494001][ T6493] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 508.494028][ T6493] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 508.494049][ T6493] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 508.494068][ T6493] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 508.494102][ T6493] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 508.494120][ T6493] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.351807][ T6493] usb 6-1: usb_control_msg returned -71 [ 511.351853][ T6493] usbtmc 6-1:16.0: can't read capabilities [ 511.835444][T11249] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 512.021933][ T6493] usb 6-1: USB disconnect, device number 10 [ 512.528896][ T50] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 512.792597][ T50] usb 2-1: Using ep0 maxpacket: 8 [ 513.061002][ T50] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 513.061030][ T50] usb 2-1: config 0 has no interface number 0 [ 513.061081][ T50] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 513.061104][ T50] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 513.061129][ T50] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 513.061154][ T50] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 513.061196][ T50] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 513.061218][ T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.298825][ T50] usb 2-1: config 0 descriptor?? [ 513.333521][ T50] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 514.357101][T11277] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1887'. [ 514.357132][T11277] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 515.041837][ T5917] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 515.647191][T11297] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 515.838451][ T50] usb 2-1: USB disconnect, device number 12 [ 515.896358][ T50] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 516.095302][ T5917] usb 6-1: config 0 interface 0 has no altsetting 0 [ 516.095346][ T5917] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 516.095369][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.123313][ T5917] usb 6-1: config 0 descriptor?? [ 516.475960][T11319] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1906'. [ 516.754743][ T5917] video4linux radio48: keene_cmd_set failed (-71) [ 516.754769][ T5917] radio-keene 6-1:0.0: V4L2 device registered as radio48 [ 516.785199][ T5917] usb 6-1: USB disconnect, device number 11 [ 517.819329][T11341] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 518.046905][ C0] vkms_vblank_simulate: vblank timer overrun [ 518.357820][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 518.501807][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 518.507816][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 518.521818][ T5917] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 518.540313][ T10] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 518.540340][ T10] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 518.540358][ T10] usb 3-1: Product: syz [ 518.540372][ T10] usb 3-1: Manufacturer: syz [ 518.540384][ T10] usb 3-1: SerialNumber: syz [ 518.671798][ T5917] usb 6-1: Using ep0 maxpacket: 8 [ 518.674037][ T5917] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 518.674067][ T5917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 518.674146][ T5917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 518.674169][ T5917] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 518.674208][ T5917] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 518.674229][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.808438][ T10] usb 3-1: Handspring Visor / Palm OS: No valid connect info available [ 518.808460][ T10] usb 3-1: Handspring Visor / Palm OS: port 0, is for HotSync use [ 518.808478][ T10] usb 3-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 518.808495][ T10] usb 3-1: Handspring Visor / Palm OS: Number of ports: 2 [ 518.966655][ T5917] usb 6-1: usb_control_msg returned -71 [ 518.967106][ T5917] usbtmc 6-1:16.0: can't read capabilities [ 519.018069][ T10] usb 3-1: palm_os_3_probe - error -71 getting bytes available request [ 519.021178][ T10] visor 3-1:1.0: Handspring Visor / Palm OS converter detected [ 519.055159][ T5917] usb 6-1: USB disconnect, device number 12 [ 519.056490][ T10] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 519.090663][ T10] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 519.106187][ T10] usb 3-1: USB disconnect, device number 12 [ 519.129188][ T10] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 519.148661][ T10] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 519.149725][ T10] visor 3-1:1.0: device disconnected [ 519.510246][T11372] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1925'. [ 519.510312][T11372] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1925'. [ 520.684107][T11391] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 520.889022][T11395] bond1: invalid ARP target 0.0.0.0 specified for addition [ 520.889050][T11395] bond1: option arp_ip_target: invalid value (0) [ 520.941047][ C0] vkms_vblank_simulate: vblank timer overrun [ 520.996515][T11395] bond1 (unregistering): Released all slaves [ 521.394565][T11416] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1945'. [ 521.821883][ T50] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 521.892403][ T44] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 521.973467][ T50] usb 5-1: Using ep0 maxpacket: 8 [ 522.002779][ T50] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 522.002922][ T50] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 522.003055][ T50] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 522.003581][ T50] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 522.005676][ T50] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 522.006776][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.063253][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 522.440289][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.440338][ T44] usb 1-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 522.440362][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.557217][ T44] usb 1-1: config 0 descriptor?? [ 522.784249][ T50] usb 5-1: usb_control_msg returned -71 [ 522.784350][ T50] usbtmc 5-1:16.0: can't read capabilities [ 522.909423][T11441] erspan0: entered promiscuous mode [ 522.909779][T11441] macsec1: entered promiscuous mode [ 522.931556][ T50] usb 5-1: USB disconnect, device number 12 [ 522.955922][T11441] erspan0: left promiscuous mode [ 523.543689][ T44] aquacomputer_d5next 0003:0C70:F014.0005: hidraw0: USB HID v0.00 Device [HID 0c70:f014] on usb-dummy_hcd.0-1/input0 [ 523.914623][ T44] usb 1-1: USB disconnect, device number 14 [ 524.146389][T11448] fido_id[11448]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 524.336444][T11461] bond2: invalid ARP target 0.0.0.0 specified for addition [ 524.336480][T11461] bond2: option arp_ip_target: invalid value (0) [ 524.371400][T11461] bond2 (unregistering): Released all slaves [ 524.451851][T11466] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1958'. [ 524.451872][T11466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1958'. [ 524.451896][T11466] netlink: 'syz.1.1958': attribute type 7 has an invalid length. [ 525.099745][T11492] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1967'. [ 526.031847][ T5862] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 526.211887][ T5862] usb 2-1: Using ep0 maxpacket: 8 [ 526.232521][ T5862] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 526.232555][ T5862] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 526.232618][ T5862] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 526.232675][ T5862] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 526.232798][ T5862] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 526.232853][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.640020][ T5862] usb 2-1: usb_control_msg returned -71 [ 526.640049][ T5862] usbtmc 2-1:16.0: can't read capabilities [ 526.669830][ T5862] usb 2-1: USB disconnect, device number 13 [ 526.858869][T11519] bond2: invalid ARP target 0.0.0.0 specified for addition [ 526.858895][T11519] bond2: option arp_ip_target: invalid value (0) [ 526.899048][T11519] bond2 (unregistering): Released all slaves [ 527.021896][ T44] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 527.121824][ T5869] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 527.262513][ T44] usb 1-1: Using ep0 maxpacket: 32 [ 527.264952][ T44] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 527.264977][ T44] usb 1-1: config 0 has no interface number 0 [ 527.265028][ T44] usb 1-1: config 0 interface 184 has no altsetting 0 [ 527.271108][ T44] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 527.271135][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.271153][ T44] usb 1-1: Product: syz [ 527.271167][ T44] usb 1-1: Manufacturer: syz [ 527.271180][ T44] usb 1-1: SerialNumber: syz [ 527.281395][ T44] usb 1-1: config 0 descriptor?? [ 527.305357][ T44] smsc75xx v1.0.0 [ 527.321849][ T5869] usb 5-1: Using ep0 maxpacket: 8 [ 527.325243][ T5869] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 527.325266][ T5869] usb 5-1: config 0 has no interface number 0 [ 527.325364][ T5869] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 527.325388][ T5869] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 527.325411][ T5869] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 527.325436][ T5869] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 527.325546][ T5869] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 527.325569][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.391038][ T5869] usb 5-1: config 0 descriptor?? [ 527.510440][ T5869] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 527.752763][ T5869] usb 5-1: USB disconnect, device number 13 [ 527.828045][ T5869] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 527.939124][ T44] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 527.939155][ T44] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 527.939174][ T44] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 527.939543][ T44] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 527.967990][ T44] usb 1-1: USB disconnect, device number 15 [ 528.190793][T11548] tipc: Started in network mode [ 528.190816][T11548] tipc: Node identity aaaaaaaaaa33, cluster identity 4711 [ 528.199926][T11548] tipc: Enabled bearer , priority 2 [ 528.329606][T11554] ptrace attach of "./syz-executor exec"[5801] was attempted by "R~sۄ9!+làvs\x22~Uxa*fPyw.6iB֡O ^$ w*? ;-b?3ASѭKkr\x0aؙ:y>sy\x1bSD8\x1bu\x0a2.bfhݹ5cM+wk|(Hn'cCj<,ᨊr.u(lnvNFQ+&iЁk&ȍĤ>貥fbRs󷖾\x0c~1%^?\x1bY\x1bg-3˩VO|\x0a᳷[.'3DAzrcO ,;j!poUe{s%@OtnZbB&+4?pRN!YˑNjgiq[6hvN|ՠxiPo54(%* ħlLUD䧥7`z8h“=-ei}\x5c\x09v:-ם\x099.VE&\x09 b&hΚA`R&֕AO ݛ/\x1bL\x07&DuoO^C'S1 @#^^V156r詴tU\x0c0鴲>ŪMVj\x07=}]MXUtY[%>p*js;x9K4m{yWp5p\x0cV\x0c\x0a(UηX8'C}ħJ=6Ww&u]8?+3q(*R\x09-e\x22gNN?-݋0ުJx~~/ALI8o$a3e@JcT ̑ѧ8%p缑/܏!/%V'Rjoqsvgqc]\x09 [ 529.304430][ T5869] tipc: Node number set to 10070698 [ 534.096016][ T995] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 534.265839][ T995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 534.267393][ T995] usb 3-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 534.267420][ T995] usb 3-1: New USB device strings: Mfr=64, Product=0, SerialNumber=0 [ 534.267439][ T995] usb 3-1: Manufacturer: syz [ 534.315327][ T995] usb 3-1: config 0 descriptor?? [ 534.818410][ T995] hid_mf 0003:0079:1846.0006: nested delimiters [ 534.818430][ T995] hid_mf 0003:0079:1846.0006: item 0 1 2 10 parsing failed [ 534.837090][ T995] hid_mf 0003:0079:1846.0006: HID parse failed. [ 534.837172][ T995] hid_mf 0003:0079:1846.0006: probe with driver hid_mf failed with error -22 [ 534.982193][ T44] usb 3-1: USB disconnect, device number 13 [ 535.275870][T11675] program syz.0.2030 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 535.452039][ T5117] Bluetooth: hci2: command 0x0406 tx timeout [ 536.397914][T11695] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2041'. [ 537.931811][ T995] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 538.100372][ T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.100420][ T995] usb 2-1: New USB device found, idVendor=1532, idProduct=010d, bcdDevice= 0.00 [ 538.100442][ T995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.176527][ T995] usb 2-1: config 0 descriptor?? [ 538.760378][ T995] razer 0003:1532:010D.0007: hidraw0: USB HID v0.00 Device [HID 1532:010d] on usb-dummy_hcd.1-1/input0 [ 539.891629][ T5869] usb 2-1: USB disconnect, device number 14 [ 540.393760][ C0] vkms_vblank_simulate: vblank timer overrun [ 540.853285][ T5917] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 541.011884][ T5917] usb 5-1: Using ep0 maxpacket: 8 [ 541.014495][ T5917] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 541.048478][ T5917] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 541.048506][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.048525][ T5917] usb 5-1: Product: syz [ 541.048538][ T5917] usb 5-1: Manufacturer: syz [ 541.048552][ T5917] usb 5-1: SerialNumber: syz [ 541.115307][ T5917] usb 5-1: config 0 descriptor?? [ 541.145873][ T5917] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 541.145948][ T5917] usb 5-1: setting power ON [ 541.145966][ T5917] dvb-usb: bulk message failed: -22 (2/0) [ 541.237658][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 541.240843][ T5917] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 541.240904][ T5917] usb 5-1: media controller created [ 541.350281][T11742] dvb-usb: bulk message failed: -22 (3/0) [ 541.350304][T11742] cxusb: i2c wr: len=80 is too big! [ 541.350304][T11742] [ 541.418459][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 541.504530][ T5917] usb 5-1: selecting invalid altsetting 6 [ 541.504553][ T5917] usb 5-1: digital interface selection failed (-22) [ 541.504570][ T5917] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 541.509934][ T5917] usb 5-1: setting power OFF [ 541.510078][ T5917] dvb-usb: bulk message failed: -22 (2/0) [ 541.510097][ T5917] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 541.510108][ T5917] (NULL device *): no alternate interface [ 541.686153][ T5917] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 541.714906][ T5917] usb 5-1: USB disconnect, device number 14 [ 542.111961][ T5791] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 542.270783][ T5791] usb 6-1: config 0 has an invalid interface number: 92 but max is 0 [ 542.270809][ T5791] usb 6-1: config 0 has no interface number 0 [ 542.270913][ T5791] usb 6-1: config 0 interface 92 altsetting 3 has an endpoint descriptor with address 0x1E, changing to 0xE [ 542.270940][ T5791] usb 6-1: config 0 interface 92 altsetting 3 bulk endpoint 0x1 has invalid maxpacket 1023 [ 542.270962][ T5791] usb 6-1: config 0 interface 92 altsetting 3 bulk endpoint 0x9 has invalid maxpacket 32 [ 542.270985][ T5791] usb 6-1: config 0 interface 92 altsetting 3 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 542.271010][ T5791] usb 6-1: config 0 interface 92 has no altsetting 0 [ 542.271043][ T5791] usb 6-1: New USB device found, idVendor=1199, idProduct=6812, bcdDevice=e8.59 [ 542.271064][ T5791] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.371956][ T5791] usb 6-1: config 0 descriptor?? [ 542.373109][T11761] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 542.373240][T11761] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 542.406928][ T5791] sierra 6-1:0.92: Sierra USB modem converter detected [ 542.745243][ T5791] usb 6-1: Sierra USB modem converter now attached to ttyUSB0 [ 542.841940][ T5791] usb 6-1: USB disconnect, device number 13 [ 542.900267][ T5791] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 542.901270][ T5791] sierra 6-1:0.92: device disconnected [ 543.581744][T11787] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 544.148329][T11798] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2080'. [ 544.175695][ T5791] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 544.353424][ T5791] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 544.359358][ T5791] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 544.359385][ T5791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.359404][ T5791] usb 1-1: Product: syz [ 544.359417][ T5791] usb 1-1: Manufacturer: syz [ 544.359431][ T5791] usb 1-1: SerialNumber: syz [ 544.446227][ T5791] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 545.110624][ T5791] usb 1-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 545.148814][ T5791] usb 1-1: USB disconnect, device number 16 [ 545.791774][ T5791] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 545.841842][ T995] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 545.961836][ T5791] usb 6-1: too many endpoints for config 0 interface 0 altsetting 11: 132, using maximum allowed: 30 [ 545.961888][ T5791] usb 6-1: config 0 interface 0 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 132 [ 545.962013][ T5791] usb 6-1: config 0 interface 0 has no altsetting 0 [ 545.962047][ T5791] usb 6-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 545.962069][ T5791] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.043580][ T5791] usb 6-1: config 0 descriptor?? [ 546.048004][ T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.048046][ T995] usb 2-1: New USB device found, idVendor=044f, idProduct=b605, bcdDevice= 0.00 [ 546.048069][ T995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.450859][ T37] audit: type=1326 audit(2000000302.050:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11833 comm="syz.2.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 546.451190][ T37] audit: type=1326 audit(2000000302.050:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11833 comm="syz.2.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 546.562106][ T995] usb 2-1: config 0 descriptor?? [ 546.654734][ T37] audit: type=1326 audit(2000000302.260:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11833 comm="syz.2.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56cf5ceec9 code=0x7ffc0000 [ 546.853037][ T5791] microsoft 0003:045E:009D.0008: unbalanced collection at end of report description [ 546.859664][ T5791] microsoft 0003:045E:009D.0008: parse failed [ 546.859827][ T5791] microsoft 0003:045E:009D.0008: probe with driver microsoft failed with error -22 [ 546.996440][ T5917] usb 6-1: USB disconnect, device number 14 [ 547.019846][ T995] thrustmaster 0003:044F:B605.0009: item fetching failed at offset 0/2 [ 547.049505][ T995] thrustmaster 0003:044F:B605.0009: parse failed [ 547.049591][ T995] thrustmaster 0003:044F:B605.0009: probe with driver thrustmaster failed with error -22 [ 547.270976][ T5917] usb 2-1: USB disconnect, device number 15 [ 547.456001][T11843] bond1: entered promiscuous mode [ 547.456036][T11843] bond1: entered allmulticast mode [ 547.456591][T11843] 8021q: adding VLAN 0 to HW filter on device bond1 [ 549.834990][ C0] vkms_vblank_simulate: vblank timer overrun [ 550.871385][T11901] netlink: 'syz.5.2120': attribute type 1 has an invalid length. [ 550.966679][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.599640][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.878484][T11843] bond1 (unregistering): Released all slaves [ 556.622141][ T995] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 556.792805][ T995] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 556.792872][ T995] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 556.792991][ T995] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 556.793065][ T995] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 556.793089][ T995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.944253][T11952] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 556.947405][ T995] hub 6-1:1.0: bad descriptor, ignoring hub [ 556.947443][ T995] hub 6-1:1.0: probe with driver hub failed with error -5 [ 556.949140][ T995] cdc_wdm 6-1:1.0: skipping garbage [ 556.949156][ T995] cdc_wdm 6-1:1.0: skipping garbage [ 557.002798][ T995] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 557.003437][ T995] cdc_wdm 6-1:1.0: Unknown control protocol [ 557.792013][ T995] usb 6-1: USB disconnect, device number 15 [ 557.910280][T11963] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2141'. [ 562.986000][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.986072][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.761810][ T995] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 563.929674][ T995] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 563.929744][ T995] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.930917][ T995] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 563.930943][ T995] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 563.930961][ T995] usb 2-1: Manufacturer: syz [ 563.994049][ T995] usb 2-1: config 0 descriptor?? [ 564.254995][ T995] rc_core: IR keymap rc-hauppauge not found [ 564.255016][ T995] Registered IR keymap rc-empty [ 564.280598][ T995] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 564.310177][ T995] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input34 [ 564.881018][ T995] usb 2-1: USB disconnect, device number 16 [ 567.241295][T12047] delete_channel: no stack [ 567.590665][T12059] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2178'. [ 569.996406][T12100] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 570.294471][T12101] tmpfs: Too few inodes for current use [ 572.431811][T12123] syz.2.2204 (12123) used obsolete PPPIOCDETACH ioctl [ 572.681812][ T5917] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 572.834297][ T5917] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 572.834327][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.846014][ T5917] usb 1-1: config 0 descriptor?? [ 572.874906][ T5917] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 573.503487][ T5917] gspca_sunplus: reg_w_riv err -71 [ 573.503589][ T5917] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 573.520164][ T5917] usb 1-1: USB disconnect, device number 17 [ 583.094862][T12159] syz.2.2217 (12159): drop_caches: 2 [ 583.134093][ T5117] Bluetooth: hci2: command 0x0406 tx timeout [ 584.141946][T12186] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2227'. [ 584.361805][ T995] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 584.527761][ T995] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 584.527790][ T995] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.527808][ T995] usb 6-1: Product: syz [ 584.527822][ T995] usb 6-1: Manufacturer: syz [ 584.527835][ T995] usb 6-1: SerialNumber: syz [ 584.603577][ T995] usb 6-1: config 0 descriptor?? [ 584.648694][ T995] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 584.667115][T12178] ceph: No mds server is up or the cluster is laggy [ 584.692314][ T5959] libceph: connect (1)[c::]:6789 error -101 [ 584.692523][ T5959] libceph: mon0 (1)[c::]:6789 connect error [ 584.745502][ T995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 584.751417][ T995] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 584.751601][ T995] usb 6-1: media controller created [ 585.129816][ T995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 585.458346][ T995] DVB: Unable to find symbol mt352_attach() [ 585.742986][ T995] DVB: Unable to find symbol nxt6000_attach() [ 585.743002][ T995] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 585.791525][ T995] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36 [ 585.833078][ T995] dvb-usb: schedule remote query interval to 1000 msecs. [ 585.833101][ T995] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 585.833314][ T995] dvb-usb: bulk message failed: -22 (7/0) [ 585.833332][ T995] dvb-usb: bulk message failed: -22 (7/0) [ 585.892935][ T995] usb 6-1: USB disconnect, device number 16 [ 588.491822][ T5802] Bluetooth: hci2: command 0x0406 tx timeout [ 589.691348][ T995] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 591.647858][T12268] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2260'. [ 591.708248][T12272] random: crng reseeded on system resumption [ 592.420384][T12282] veth1_macvtap: left promiscuous mode [ 592.420411][T12282] macsec0: entered promiscuous mode [ 592.420428][T12282] macsec0: entered allmulticast mode [ 592.667303][ T37] audit: type=1326 audit(2000000348.270:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.667659][ T37] audit: type=1326 audit(2000000348.270:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728406][ T37] audit: type=1326 audit(2000000348.270:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728459][ T37] audit: type=1326 audit(2000000348.330:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728504][ T37] audit: type=1326 audit(2000000348.330:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728545][ T37] audit: type=1326 audit(2000000348.330:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728593][ T37] audit: type=1326 audit(2000000348.330:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728635][ T37] audit: type=1326 audit(2000000348.330:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 592.728678][ T37] audit: type=1326 audit(2000000348.330:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12288 comm="syz.5.2270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff72718eec9 code=0x7ffc0000 [ 593.797983][T12294] netlink: 'syz.2.2271': attribute type 8 has an invalid length. [ 593.798003][T12294] netlink: 216 bytes leftover after parsing attributes in process `syz.2.2271'. [ 594.982068][T12316] syz.1.2280 uses obsolete (PF_INET,SOCK_PACKET) [ 600.002735][ T44] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 600.312364][ T44] usb 6-1: Using ep0 maxpacket: 32 [ 600.384517][ T5862] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 600.471292][ T44] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 600.471319][ T44] usb 6-1: config 0 has no interface number 0 [ 600.525432][ T44] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 600.525462][ T44] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.525481][ T44] usb 6-1: Product: syz [ 600.525494][ T44] usb 6-1: Manufacturer: syz [ 600.525507][ T44] usb 6-1: SerialNumber: syz [ 600.905655][ T5862] usb 5-1: Using ep0 maxpacket: 8 [ 601.622005][ T5862] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 601.622040][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 601.622064][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 601.622086][ T5862] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 601.622127][ T5862] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 601.622149][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.692800][ T44] usb 6-1: config 0 descriptor?? [ 602.838439][ T5862] usb 5-1: can't set config #16, error -71 [ 602.871475][ T5862] usb 5-1: USB disconnect, device number 15 [ 602.919020][ T44] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 602.919057][ T44] usb 6-1: selecting invalid altsetting 1 [ 602.919072][ T44] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 603.123746][ T44] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 603.124205][ T44] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 603.124263][ T44] usb 6-1: media controller created [ 603.474008][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 604.174579][ T44] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 604.174638][ T44] zl10353_read_register: readreg error (reg=127, ret==-71) [ 604.180477][ T44] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 604.650142][ T44] usb 6-1: USB disconnect, device number 17 [ 604.981817][ T5791] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 606.025563][ T5791] usb 2-1: Using ep0 maxpacket: 32 [ 606.133432][ T5791] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 606.133480][ T5791] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c0b, bcdDevice= 0.00 [ 606.133503][ T5791] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.201108][ T5791] usb 2-1: config 0 descriptor?? [ 607.774759][ T5791] corsair-psu 0003:1B1C:1C0B.000A: unbalanced delimiter at end of report description [ 607.775682][ T5791] corsair-psu 0003:1B1C:1C0B.000A: probe with driver corsair-psu failed with error -22 [ 608.472752][ T5791] usb 2-1: USB disconnect, device number 17 [ 609.430991][T12384] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 619.963876][ T5959] IPVS: starting estimator thread 0... [ 620.162164][T12417] IPVS: using max 7 ests per chain, 16800 per kthread [ 621.600361][T12424] netlink: 1272 bytes leftover after parsing attributes in process `syz.0.2319'. [ 622.255336][ T5959] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 623.283259][T12432] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 623.312266][T12433] program syz.2.2322 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 623.436717][ T5959] usb 2-1: device descriptor read/all, error -71 [ 623.666407][T12430] mkiss: ax0: crc mode is auto. [ 624.432371][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.432443][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.406567][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.525875][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.175234][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.463917][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.326029][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.426900][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.156279][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.361745][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.466699][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.576658][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.605276][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.775045][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.806643][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.976718][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.025779][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.981768][ T5862] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 640.211948][ T5862] usb 3-1: Using ep0 maxpacket: 8 [ 640.214314][ T5862] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 19910, setting to 64 [ 640.214345][ T5862] usb 3-1: config 0 interface 0 has no altsetting 0 [ 640.217343][ T5862] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 640.217368][ T5862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.217386][ T5862] usb 3-1: Product: syz [ 640.217400][ T5862] usb 3-1: Manufacturer: syz [ 640.217413][ T5862] usb 3-1: SerialNumber: syz [ 640.710954][ T5862] usb 3-1: config 0 descriptor?? [ 640.780349][ T5862] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 641.223857][ T5862] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 641.227239][ T5862] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 641.369423][ T5862] usb 3-1: USB disconnect, device number 14 [ 642.768584][T12504] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2354'. [ 643.885002][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 643.906553][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 643.908124][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 643.909867][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 643.911523][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 646.093982][ T5117] Bluetooth: hci5: command tx timeout [ 646.840444][T12521] tipc: Started in network mode [ 646.840475][T12521] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 646.840528][T12521] tipc: Enabling of bearer rejected, failed to enable media [ 648.171816][ T5117] Bluetooth: hci5: command tx timeout [ 650.251808][ T5117] Bluetooth: hci5: command tx timeout [ 652.358206][ T5117] Bluetooth: hci5: command tx timeout [ 652.552952][T12535] comedi comedi3: rti802: a I/O base address must be specified [ 662.325323][T12511] chnl_net:caif_netlink_parms(): no params data found [ 666.257670][T12568] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2379'. [ 668.980548][T12568] veth3: entered promiscuous mode [ 670.167191][ T5802] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 670.178978][ T5802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 670.180437][ T5802] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 670.182470][ T5802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 670.183584][ T5802] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 672.110242][ T5802] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 672.127923][ T5802] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 672.140079][ T5802] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 672.156028][ T5802] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 672.166721][ T5802] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 672.251881][ T5117] Bluetooth: hci6: command tx timeout [ 672.475107][T12580] team0: Device gtp0 is of different type [ 674.251913][ T5117] Bluetooth: hci7: command tx timeout [ 674.331809][ T5117] Bluetooth: hci6: command tx timeout [ 676.344683][ T5117] Bluetooth: hci7: command tx timeout [ 676.411797][ T5117] Bluetooth: hci6: command tx timeout [ 678.411825][ T5117] Bluetooth: hci7: command tx timeout [ 678.491884][ T5117] Bluetooth: hci6: command tx timeout [ 678.494557][T12511] bridge0: port 1(bridge_slave_0) entered blocking state [ 678.542613][T12511] bridge0: port 1(bridge_slave_0) entered disabled state [ 678.564771][T12511] bridge_slave_0: entered allmulticast mode [ 678.911225][T12511] bridge_slave_0: entered promiscuous mode [ 679.898886][T12511] bridge0: port 2(bridge_slave_1) entered blocking state [ 679.899031][T12511] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.899264][T12511] bridge_slave_1: entered allmulticast mode [ 680.431827][T12511] bridge_slave_1: entered promiscuous mode [ 680.517451][ T5117] Bluetooth: hci7: command tx timeout [ 685.912489][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.912569][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.135087][T12511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 691.514731][T12511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.555303][T12436] Falling back ldisc for ttyprintk. [ 697.925779][ T44] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 698.565958][T12511] team0: Port device team_slave_0 added [ 699.156422][T12511] team0: Port device team_slave_1 added [ 704.300090][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 704.318201][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 704.322343][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 704.338088][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 704.341924][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 707.109426][ T5117] Bluetooth: hci4: command tx timeout [ 709.212033][ T5117] Bluetooth: hci4: command tx timeout [ 709.859306][ T5802] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 710.488894][ T5802] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 710.709351][ T5802] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 710.720754][ T5802] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 710.721500][ T5802] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 711.291819][ T5117] Bluetooth: hci4: command tx timeout [ 712.811833][ T5117] Bluetooth: hci8: command tx timeout [ 713.371874][ T5117] Bluetooth: hci4: command tx timeout [ 714.892067][ T5117] Bluetooth: hci8: command tx timeout [ 716.972033][ T5117] Bluetooth: hci8: command tx timeout [ 719.051784][ T5117] Bluetooth: hci8: command tx timeout [ 727.195009][T12627] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 727.196111][T12627] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 727.496528][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 727.542356][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 727.607390][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 727.674895][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 727.692022][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 729.855345][ T5117] Bluetooth: hci5: command tx timeout [ 731.157481][ T5802] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 731.182215][ T5802] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 731.185573][ T5802] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 731.186662][ T5802] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 731.187938][ T5802] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 731.932670][ T5117] Bluetooth: hci5: command tx timeout [ 733.531792][ T5802] Bluetooth: hci9: command tx timeout [ 734.011803][ T5802] Bluetooth: hci5: command tx timeout [ 735.617200][ T5802] Bluetooth: hci9: command tx timeout [ 736.103338][ T5802] Bluetooth: hci5: command tx timeout [ 737.691865][ T5802] Bluetooth: hci9: command tx timeout [ 740.013193][ T5802] Bluetooth: hci9: command tx timeout [ 747.298276][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.298383][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.563648][T12644] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 748.570140][T12644] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 748.828916][T12644] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 748.841961][T12644] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 748.859317][T12644] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 751.365882][T12644] Bluetooth: hci7: command tx timeout [ 753.371817][T12644] Bluetooth: hci7: command tx timeout [ 755.491877][T12644] Bluetooth: hci7: command tx timeout [ 757.532927][ T5802] Bluetooth: hci7: command tx timeout [ 757.813203][ T5802] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 757.838796][ T5802] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 757.854119][ T5802] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 757.855359][ T5802] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 757.856573][ T5802] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 760.171811][T12644] Bluetooth: hci10: command tx timeout [ 762.251901][T12644] Bluetooth: hci10: command tx timeout [ 764.344631][T12644] Bluetooth: hci10: command tx timeout [ 766.425518][T12644] Bluetooth: hci10: command tx timeout [ 770.130048][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 770.161203][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 770.165692][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 770.188050][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 770.188938][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 770.430941][T12637] chnl_net:caif_netlink_parms(): no params data found [ 772.203164][T12631] chnl_net:caif_netlink_parms(): no params data found [ 772.571903][ T5802] Bluetooth: hci4: command tx timeout [ 774.651812][ T5802] Bluetooth: hci4: command tx timeout [ 777.081851][ T5802] Bluetooth: hci4: command tx timeout [ 779.221784][ T5802] Bluetooth: hci4: command tx timeout [ 788.856763][T12637] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 794.773406][T12646] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 794.817008][T12646] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 794.818761][T12646] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 794.820089][T12646] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 794.820916][T12646] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 795.604795][T12646] Bluetooth: hci6: command 0x0406 tx timeout [ 796.526116][T12646] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 796.556353][T12646] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 796.559009][T12646] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 796.591832][T12646] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 796.595349][T12646] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 797.212131][T12646] Bluetooth: hci8: command tx timeout [ 798.115422][T12641] chnl_net:caif_netlink_parms(): no params data found [ 799.311816][T12646] Bluetooth: hci8: command tx timeout [ 800.412039][ T38] INFO: task syz.4.2363:12528 blocked for more than 143 seconds. [ 800.412074][ T38] Not tainted syzkaller #0 [ 800.412085][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 800.412094][ T38] task:syz.4.2363 state:D stack:25160 pid:12528 tgid:12528 ppid:5807 task_flags:0x400040 flags:0x00080003 [ 800.412162][ T38] Call Trace: [ 800.412172][ T38] [ 800.412186][ T38] __schedule+0x16f3/0x4c20 [ 800.412249][ T38] ? __pfx___schedule+0x10/0x10 [ 800.412296][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 800.412326][ T38] rt_mutex_schedule+0x77/0xf0 [ 800.412351][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 800.412375][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 800.412417][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 800.412443][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 800.412467][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 800.412488][ T38] ? __lock_acquire+0xab9/0xd20 [ 800.412520][ T38] ? rcu_barrier+0x4c/0x570 [ 800.412559][ T38] ? rcu_barrier+0x4c/0x570 [ 800.412581][ T38] mutex_lock_nested+0x16a/0x1d0 [ 800.412602][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 800.412627][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 800.412650][ T38] rcu_barrier+0x4c/0x570 [ 800.412679][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 800.412702][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 800.412724][ T38] netdev_run_todo+0x327/0xea0 [ 800.412749][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 800.412774][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 800.412794][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.412831][ T38] ? netdev_state_change+0x1ca/0x220 [ 800.412855][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 800.412876][ T38] tun_chr_close+0x13f/0x1c0 [ 800.412899][ T38] __fput+0x45b/0xa80 [ 800.412937][ T38] task_work_run+0x1d4/0x260 [ 800.412965][ T38] ? __pfx_task_work_run+0x10/0x10 [ 800.412993][ T38] ? exit_to_user_mode_loop+0x40/0x130 [ 800.413017][ T38] exit_to_user_mode_loop+0xe9/0x130 [ 800.413038][ T38] do_syscall_64+0x2bd/0xfa0 [ 800.413070][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.413096][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.413115][ T38] ? clear_bhb_loop+0x60/0xb0 [ 800.413139][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.413159][ T38] RIP: 0033:0x7f21297eeec9 [ 800.413180][ T38] RSP: 002b:00007fff859b5828 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 800.413200][ T38] RAX: 0000000000000000 RBX: 000000000009e4fb RCX: 00007f21297eeec9 [ 800.413214][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 800.413226][ T38] RBP: 00007f2129a47da0 R08: 0000000000000001 R09: 00000003859b5b1f [ 800.413239][ T38] R10: 0000001b2e420000 R11: 0000000000000246 R12: 00007f2129a45fac [ 800.413253][ T38] R13: 00007f2129a45fa0 R14: ffffffffffffffff R15: 00007fff859b5940 [ 800.413288][ T38] [ 800.413320][ T38] [ 800.413320][ T38] Showing all locks held in the system: [ 800.413333][ T38] 2 locks held by ktimers/0/16: [ 800.413346][ T38] 4 locks held by rcuc/0/20: [ 800.413358][ T38] 1 lock held by khungtaskd/38: [ 800.413368][ T38] #0: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 800.413427][ T38] 4 locks held by kworker/u8:8/1285: [ 800.413450][ T38] 2 locks held by getty/5558: [ 800.413460][ T38] #0: ffff88823bf380a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 800.413514][ T38] #1: ffffc90003e732e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 800.413569][ T38] 3 locks held by kworker/u8:16/6247: [ 800.413580][ T38] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 800.413638][ T38] #1: ffffc90005b87ba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 800.413691][ T38] #2: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 800.413738][ T38] 1 lock held by syz.0.2321/12436: [ 800.413748][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.413798][ T38] 1 lock held by syz-executor/12511: [ 800.413808][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.413857][ T38] 1 lock held by syz.1.2359/12517: [ 800.413908][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.413958][ T38] 1 lock held by syz.4.2363/12528: [ 800.413968][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414018][ T38] 2 locks held by syz-executor/12570: [ 800.414028][ T38] #0: ffffffff8ea6b560 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 800.414083][ T38] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414133][ T38] 2 locks held by syz.5.2382/12580: [ 800.414144][ T38] #0: ffffffff8ef79548 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 800.414195][ T38] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414245][ T38] 1 lock held by syz-executor/12581: [ 800.414256][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414304][ T38] 1 lock held by syz-executor/12609: [ 800.414314][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414363][ T38] 1 lock held by syz-executor/12617: [ 800.414373][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414423][ T38] 2 locks held by syz.2.2397/12627: [ 800.414434][ T38] #0: ffffffff8e1d6480 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 800.414488][ T38] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 800.414537][ T38] 1 lock held by syz-executor/12631: [ 800.414548][ T38] #0: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 800.414594][ T38] 1 lock held by syz-executor/12637: [ 800.414605][ T38] 1 lock held by syz-executor/12641: [ 800.414618][ T38] 1 lock held by syz-executor/12652: [ 800.414629][ T38] #0: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80 [ 800.414679][ T38] 1 lock held by syz-executor/12662: [ 800.414690][ T38] #0: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20 [ 800.414741][ T38] 2 locks held by syz-executor/12679: [ 800.414752][ T38] #0: ffffffff8ea6b560 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 800.414800][ T38] #1: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 800.414849][ T38] 1 lock held by syz-executor/12685: [ 800.414860][ T38] #0: ffffffff8ea78478 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80 [ 800.414908][ T38] 5 locks held by syz-executor/12690: [ 800.414919][ T38] [ 800.414924][ T38] ============================================= [ 800.414924][ T38] [ 800.414942][ T38] NMI backtrace for cpu 1 [ 800.414968][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 800.415018][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 800.415043][ T38] Call Trace: [ 800.415059][ T38] [ 800.415073][ T38] dump_stack_lvl+0x189/0x250 [ 800.415099][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 800.415121][ T38] ? __pfx__printk+0x10/0x10 [ 800.415155][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 800.415182][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 800.415206][ T38] ? __pfx__printk+0x10/0x10 [ 800.415233][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 800.415261][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 800.415287][ T38] watchdog+0xf60/0xfa0 [ 800.415312][ T38] ? watchdog+0x1e2/0xfa0 [ 800.415338][ T38] kthread+0x711/0x8a0 [ 800.415363][ T38] ? __pfx_watchdog+0x10/0x10 [ 800.415383][ T38] ? __pfx_kthread+0x10/0x10 [ 800.415400][ T38] ? rt_spin_unlock+0x150/0x200 [ 800.415427][ T38] ? rt_spin_unlock+0x161/0x200 [ 800.415447][ T38] ? __pfx_kthread+0x10/0x10 [ 800.415468][ T38] ret_from_fork+0x4bc/0x870 [ 800.415497][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 800.415530][ T38] ? __switch_to_asm+0x39/0x70 [ 800.415552][ T38] ? __switch_to_asm+0x33/0x70 [ 800.415574][ T38] ? __pfx_kthread+0x10/0x10 [ 800.415595][ T38] ret_from_fork_asm+0x1a/0x30 [ 800.415636][ T38] [ 800.415643][ T38] Sending NMI from CPU 1 to CPUs 0: [ 800.415668][ C0] NMI backtrace for cpu 0 [ 800.415685][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 800.415726][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 800.415736][ C0] RIP: 0010:lock_is_held_type+0x119/0x190 [ 800.415764][ C0] Code: 00 00 00 48 c7 c7 af e1 03 8d e8 82 16 00 00 b8 ff ff ff ff 65 0f c1 05 75 2b ff 06 83 f8 01 75 44 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 75 4c 41 f7 c4 00 02 00 00 74 01 fb [ 800.415779][ C0] RSP: 0018:ffffc900001568a8 EFLAGS: 00000046 [ 800.415795][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: fe41c9a7ee653100 [ 800.415807][ C0] RDX: 0000000000000100 RSI: ffffffff8d03e1af RDI: ffffffff8b3f5460 [ 800.415821][ C0] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000100 [ 800.415832][ C0] R10: ffffc90000156b20 R11: fffff5200002ad6a R12: 0000000000000246 [ 800.415849][ C0] R13: ffff88801bae5a00 R14: ffffffff8d7aa4c0 R15: 0000000000000001 [ 800.415861][ C0] FS: 0000000000000000(0000) GS:ffff888126bc6000(0000) knlGS:0000000000000000 [ 800.415876][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 800.415888][ C0] CR2: 00007f1bab8b509c CR3: 0000000059a34000 CR4: 00000000003526f0 [ 800.415905][ C0] Call Trace: [ 800.415912][ C0] [ 800.415922][ C0] fib_table_lookup+0x2d9/0x16e0 [ 800.415954][ C0] ? fib_lookup+0x76/0x440 [ 800.415986][ C0] fib_lookup+0x1c5/0x440 [ 800.416010][ C0] ? fib_lookup+0x76/0x440 [ 800.416035][ C0] ip_route_output_key_hash_rcu+0x31b/0x23e0 [ 800.416057][ C0] ? ip_route_output_key_hash+0xc1/0x280 [ 800.416073][ C0] ? ip_route_output_key_hash+0xc1/0x280 [ 800.416092][ C0] ip_route_output_key_hash+0x174/0x280 [ 800.416109][ C0] ? __lock_acquire+0xab9/0xd20 [ 800.416128][ C0] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 800.416155][ C0] ip_route_output_flow+0x2a/0x150 [ 800.416179][ C0] ? ip_route_me_harder+0x6ae/0xf10 [ 800.416201][ C0] ip_route_me_harder+0x6c4/0xf10 [ 800.416225][ C0] ? __pfx_ip_route_me_harder+0x10/0x10 [ 800.416255][ C0] ? rcu_is_watching+0x15/0xb0 [ 800.416282][ C0] synproxy_send_tcp+0x3a7/0x700 [ 800.416318][ C0] synproxy_send_client_synack+0x8bb/0xe20 [ 800.416352][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 800.416376][ C0] ? nft_jhash_init+0x358/0x660 [ 800.416392][ C0] ? synproxy_pernet+0x45/0x270 [ 800.416415][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 800.416443][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 800.416464][ C0] ? nf_ip_checksum+0x13c/0x510 [ 800.416485][ C0] nft_synproxy_do_eval+0x345/0x570 [ 800.416504][ C0] ? rt_spin_lock+0x1c1/0x3e0 [ 800.416527][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 800.416547][ C0] ? rt_spin_unlock+0x150/0x200 [ 800.416575][ C0] nft_do_chain+0x40c/0x1920 [ 800.416602][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 800.416625][ C0] ? unwind_next_frame+0xa5/0x2390 [ 800.416650][ C0] ? unwind_next_frame+0x19ae/0x2390 [ 800.416675][ C0] nft_do_chain_inet+0x25d/0x340 [ 800.416695][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 800.416713][ C0] ? __lock_acquire+0xab9/0xd20 [ 800.416736][ C0] ? NF_HOOK+0x9a/0x3a0 [ 800.416758][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 800.416777][ C0] nf_hook_slow+0xc5/0x220 [ 800.416804][ C0] NF_HOOK+0x206/0x3a0 [ 800.416826][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 800.416849][ C0] ? NF_HOOK+0x9a/0x3a0 [ 800.416870][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 800.416889][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 800.416913][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 800.416937][ C0] ? skb_dst+0x4f/0xd0 [ 800.416959][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 800.416982][ C0] NF_HOOK+0x30c/0x3a0 [ 800.417005][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 800.417026][ C0] ? NF_HOOK+0x9a/0x3a0 [ 800.417046][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 800.417067][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 800.417095][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 800.417115][ C0] __netif_receive_skb+0x143/0x380 [ 800.417140][ C0] ? process_backlog+0x27b/0x900 [ 800.417160][ C0] process_backlog+0x31e/0x900 [ 800.417188][ C0] __napi_poll+0xb6/0x540 [ 800.417211][ C0] net_rx_action+0x5f7/0xda0 [ 800.417235][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.417260][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 800.417291][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 800.417338][ C0] handle_softirqs+0x22f/0x710 [ 800.417368][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 800.417399][ C0] run_ktimerd+0xcf/0x190 [ 800.417416][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 800.417433][ C0] ? schedule+0x91/0x360 [ 800.417460][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 800.417475][ C0] smpboot_thread_fn+0x542/0xa60 [ 800.417492][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 800.417512][ C0] kthread+0x711/0x8a0 [ 800.417533][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 800.417549][ C0] ? __pfx_kthread+0x10/0x10 [ 800.417566][ C0] ? rt_spin_unlock+0x150/0x200 [ 800.417590][ C0] ? rt_spin_unlock+0x161/0x200 [ 800.417610][ C0] ? __pfx_kthread+0x10/0x10 [ 800.417630][ C0] ret_from_fork+0x4bc/0x870 [ 800.417656][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 800.417684][ C0] ? __switch_to_asm+0x39/0x70 [ 800.417705][ C0] ? __switch_to_asm+0x33/0x70 [ 800.417726][ C0] ? __pfx_kthread+0x10/0x10 [ 800.417746][ C0] ret_from_fork_asm+0x1a/0x30 [ 800.417784][ C0] [ 800.418675][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 800.418690][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 800.418711][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 800.418722][ T38] Call Trace: [ 800.418730][ T38] [ 800.418738][ T38] dump_stack_lvl+0x99/0x250 [ 800.418761][ T38] ? __asan_memcpy+0x40/0x70 [ 800.418787][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 800.418809][ T38] ? __pfx__printk+0x10/0x10 [ 800.418845][ T38] vpanic+0x237/0x6d0 [ 800.418863][ T38] ? __pfx_vpanic+0x10/0x10 [ 800.418891][ T38] panic+0xb9/0xc0 [ 800.418909][ T38] ? __pfx_panic+0x10/0x10 [ 800.418930][ T38] ? irq_work_queue+0xc3/0x140 [ 800.418955][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 800.418981][ T38] watchdog+0xf9f/0xfa0 [ 800.419006][ T38] ? watchdog+0x1e2/0xfa0 [ 800.419049][ T38] kthread+0x711/0x8a0 [ 800.419081][ T38] ? __pfx_watchdog+0x10/0x10 [ 800.419101][ T38] ? __pfx_kthread+0x10/0x10 [ 800.419119][ T38] ? rt_spin_unlock+0x150/0x200 [ 800.419145][ T38] ? rt_spin_unlock+0x161/0x200 [ 800.419166][ T38] ? __pfx_kthread+0x10/0x10 [ 800.419189][ T38] ret_from_fork+0x4bc/0x870 [ 800.419218][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 800.419251][ T38] ? __switch_to_asm+0x39/0x70 [ 800.419273][ T38] ? __switch_to_asm+0x33/0x70 [ 800.419293][ T38] ? __pfx_kthread+0x10/0x10 [ 800.419315][ T38] ret_from_fork_asm+0x1a/0x30 [ 800.419355][ T38] [ 800.419603][ T38] Kernel Offset: disabled