last executing test programs: 25.615968527s ago: executing program 2 (id=3570): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x2, 0x2, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4], 0x4000, 0x200201}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)}, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getpid() write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000de000000400000000000000000000000000000000000000000003800"/120], 0x78) ioctl$KVM_RUN(r2, 0xae80, 0x0) 25.390221764s ago: executing program 2 (id=3572): r0 = eventfd2(0x4000027, 0x1) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r0, {0x0, 0xee00}}, './file0\x00'}) syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x133, 0x0, r1}, &(0x7f0000000000), &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x5f5e0ff, 0x2c, 0xa, 0xff00}, [@call={0x55}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFSLABEL(r2, 0x41009432, &(0x7f0000000140)="9f76b8c3b8c3a182e88a13f0c8c61a6607d51e92cf8b7e23f846301c5d12155b427743912e48b32daa1b4bf631a1d8dbbf847f33f535e7ed3339901f8e1c140fcd1375e5abc7a4fa089b9c45a236bd11e4549609c3049491e7d155499e1db2a1181c2b4821b3cfc4cd24bb565eab46b87de4899d2178dc4018ae890689739cffa8fd80a508ceef19e08a3e09ba26ae99f43b64641e663059a9a3f7d4fbc448b5a5daaea8f92d72fc1f835327b8074e13d3643ba3e8af58542f7bf12bb93f2720f53f38899b4db1e06a4a306e55a74da9514c2de6b0875392f3e6f2cd52b4c5780c1c65c91d7722c75e8aeab0221d16b2c61ec096e55dd9315fd7ab0a13298b40") r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000140)={0x6, @loopback, 0x0, 0x0, 'none\x00', 0x3e}, 0x2c) 13.533087445s ago: executing program 3 (id=3611): r0 = syz_usb_connect(0x7, 0x36, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r1, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@zcopy_cookie={0x18}, @zcopy_cookie={0x18}], 0x30}, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)=ANY=[], 0x0) 12.731350991s ago: executing program 4 (id=3613): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) close(0x3) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff09", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 12.457858836s ago: executing program 1 (id=3614): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) close(0x3) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000002c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff00", @ANYRES8=r0, @ANYBLOB="05"], 0x0) 11.112638778s ago: executing program 0 (id=3617): r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00", 0x20) recvmsg$unix(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000035c0)=""/4098, 0x1002}, {&(0x7f0000002300)=""/107, 0x6b}, {&(0x7f00000005c0)=""/153, 0x99}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f00000007c0)=""/222, 0xde}], 0x6}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'sit0\x00'}) 11.04641791s ago: executing program 4 (id=3618): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'macvtap0\x00', &(0x7f0000000200)=@ethtool_gstrings={0x1d}}) 10.996404522s ago: executing program 1 (id=3619): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x0) 10.872364804s ago: executing program 4 (id=3620): r0 = syz_open_dev$vbi(&(0x7f0000001ec0), 0x0, 0x2) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000003b00)={0x3, "0dfcdfa5d83afc1b0431e10a3fa5dc0c2f5f0684c1d35897235ae7da70710708"}) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) syz_emit_ethernet(0x15e, &(0x7f00000003c0)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa0086dd60cb653e01283afffe800000000000000000000000000000ff020000000000000000000000000001890090780000000020010000000000000000000000000000fc01000000000000000000000000000004209595f429ae08a565c9a41d416c70a44d2e6f790a3872d50bb178882b22ebd70a5af175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c4819c33b59c1abe2a4b08a661fcb54e0855d6bb5dd267878ff59bcfc6079e7a5e0135118be22dc6c97e730f7053d6ec34ca11b5c7c3830af6b26868600f042ff"], 0x0) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fchdir(r3) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r4, &(0x7f0000000040)='.\x00', 0x1000, &(0x7f0000000080)={0xb, 0x0, 0x20000, {r4}}, 0x20) openat$cgroup_ro(r4, &(0x7f00000000c0)='devices.list\x00', 0x275a, 0x2) set_mempolicy(0x2, &(0x7f0000000080)=0xee02, 0xa) shmget$private(0x0, 0x4000, 0x800, &(0x7f0000a02000/0x4000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="85d8d7d0e7090000d5000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0x74, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=@newlink={0x4c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x115}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_TTL={0x5, 0x8, 0xe}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_CARRIER_CHANGES={0x8, 0x23, 0x3}]}, 0x4c}}, 0x0) 10.763325054s ago: executing program 4 (id=3621): ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, 0x0) (async, rerun: 64) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) (rerun: 64) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async, rerun: 32) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async, rerun: 32) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="1a010300000000f8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_usb_connect(0x3, 0x24, &(0x7f00000006c0)=ANY=[@ANYBLOB="3f61f6cc68bf68924d09754f673390267199d91500d726da94cc9317f89d8b4bf2a8ef5eb43a0965dd78c0b68e8d59be647c0d78774da682dea63db5606ea4709391ce60a945d4affe9c2c04465edd5909c60257769869094ed6f456aee3d1b3cb0d01000100b10ae124718de706e439a32931c7ddf67c1f6f68b1ced6ca8087665f705be468a922c19e01be4fcb5d1cb490d8023835ec2ab2c97ab69da754f007da2fdb110fe2733a21d55e6b2f4e4fb744e4239c9074a9816d2532b660209643f1174289b84fe4bb97bf3673a58b6d607f47a71dc1b9a505b8c00513451a160000000000c5ec988648862b62ffdfdf30a2240ef64c205b167d0c2f6843415a496407fa68ed66c00021cfcbd5c7987bbd60cc07ee83e9fd63860948cbb19249c3aa36b4c509", @ANYRES16=r0, @ANYBLOB="7bf1e3de348e144d449ccd5c429598a523c6570ce08dc3e9578baa7cab55c6b5409bb04d6ebae19c51782d391e8811118f94ccc1648c309e72e22b081f8410a6bbc1d8068797cd18594d9377a6e3c8e7631cdcca9f352493cfe2c1503488ad03607b01557c6838a03b0c7ca361d2e09f80ca43b0ca64c891ff5ab93d08b52f2c7a4effba2f6c124187903e7ba28002d6687d68befee4d61e274c75752cfa6de5f650f746b0dbd20b7d24e5323a0052d53c2c430134ff4856664ee8a774c623e6eaf7a152a79a73734cf81fe0d475ab"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$cdc_ecm(r1, &(0x7f00000004c0)={0x14, &(0x7f0000000880)=ANY=[], 0x0}, &(0x7f0000000680)={0x1c, &(0x7f0000000500)={0x0, 0x0, 0x1, "f5"}, 0x0, 0x0}) 10.693099778s ago: executing program 1 (id=3622): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, 0x0, 0x0) 10.517638392s ago: executing program 1 (id=3623): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x30, 0x14, 0x509, 0x0, 0x0, {}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}]}, 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.401788632s ago: executing program 3 (id=3624): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)={0x20, r1, 0x21, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TX_RATES={0x4, 0x10d}]}, 0x20}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000d00030065746a916a5ac43db0d0884f1159f300003b26a18d575c0a993ff091000005000100000000000500010007000000050004000000000009000000000c00078008000a40890000000000"], 0x54}}, 0x0) mq_open(&(0x7f0000000040)='!selinuxsel\xad\"\x0e\xabx\xb8\xc9\xa8x\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000002a40)={0x2020}, 0x2020) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r3, 0x3b8c, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x8e, 0x0, 0x5, &(0x7f0000000000)=""/58}) 10.150963155s ago: executing program 3 (id=3625): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x279}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000940)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 10.092899413s ago: executing program 0 (id=3626): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x2, 0x2, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4], 0x4000, 0x200201}) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000de000000400000000000000000000000000000000000000000003800"/120], 0x78) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9.927497422s ago: executing program 3 (id=3627): r0 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r2 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000140), &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r2, 0x184c, 0x0, 0x0, 0x0, 0x0) bind$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r1, &(0x7f00000033c0)=[{{0x0, 0x0, 0x0}}], 0x1f8, 0x0, 0x0) r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}}) r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) syz_usb_connect(0x2, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="12fd00009bbd8b08e88430ffd1a601020301090222000100000000090100000029fddd00090500000000000000070594ef6333ef"], 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r8, 0xc05064a7, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0), 0x0, 0x5, 0x0, 0x0, r9}) sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x28}}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r10 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r10, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/235, 0x204000, 0x800, 0x200}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) r11 = userfaultfd(0x80001) ioctl$UFFDIO_API(r11, 0xc018aa3f, &(0x7f00000005c0)={0xaa, 0x5c9}) ioctl$UFFDIO_REGISTER(r11, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x6}) ioctl$BLKTRACESTART(r0, 0x2275, 0x1000000000000) 9.573503754s ago: executing program 0 (id=3628): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) write(r0, &(0x7f0000000100)="691613164a8748b93f164984426f57fd0f348be6e4d4215e0dbea6b35b47e385204bf7d2d22b4c09ba5de42f11342f0bd6801ea0508544ba4751b7c059d405d7ea57778810d7c3b62479626a0f6363d8a38583368fca2fe051354e8cc275bc5a26b5cde0c3f08eeb4cca0f2a949aa6985b68d20df67f0ade2a0bbdc39f8404275055751145cac6a2c2133e75ec29e536a7a9c0596d11067ad574778384", 0x9d) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001e80)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000001f40)={0x60, 0x0, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, &(0x7f0000001ec0)=[{}], 0x1, 0x0, 0x0, 0x0, 0x40}) syz_emit_ethernet(0x3a, &(0x7f00000002c0)=ANY=[@ANYBLOB="01002c000000000006907857e916813aa80c5e57d19f6dd311391f1df2f41ea63c538c2d55408f841b9e06cc9c92480c1626150fec1579e3a41800000000000c0000000000000000f99f43697602f9e624f2c85b755182278411e7704aae02fef83365d8e8fea94e583d6c695036bf71b6215555da790ee78e96a50d1bfa4e2fcce13374545f941599e5b5c813034b120cb937fc2a71e5f3bb2a8e7909450207afec401ffe9ec4787d603be74df15c9f", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="60c2000190780000020405a0"], 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x1, 0x2}, 0x10, 0x0) landlock_restrict_self(r3, 0x0) 9.444236249s ago: executing program 2 (id=3574): openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$video(0x0, 0x101, 0x800) syz_io_uring_setup(0x6609, &(0x7f0000000780)={0x0, 0x0, 0x10100}, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r0, @ANYRESHEX=r0], 0x20) 9.441875738s ago: executing program 1 (id=3629): syz_usb_connect(0x5, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12011001984fec20720c1400b4270102030109022400019405d0050904df0102436935e539b6270f2380765ad1cf7f090502100002050980090504100800c2060f"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00005d4000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000040)="0f01c40fc7ba57000fc79fbc153ea0fe900f350f22a2baf80c66b89c10a18d66efbafc0ced0f323e660fd530f30f1efb", 0x30}], 0x1, 0x0, 0x0, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 9.384022383s ago: executing program 0 (id=3630): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg2\x00'}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000440)=0x7f, 0x4) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000340)={'security\x00', 0xbb, "a258ebdd2017a63caadeaf61a0f606e1858356fa8b635401f37a5dbd288dd0e4cf226bd6158e807e266e65db0aa746ab03cf149ae1ef59435c299f8f069abfc600579c8df88d1a5f841746eb9bbc9a59f8db0b4204d0ea193d3f62ae0b1fe6e5bcfe917fcf889883cdbd3322527fea4d71e1b6b0de693f533b9c4c4a36ad85b810cad0e9244bb42472b1ed7e51f722cdf1feda762aad879fe4d5190c3266cbf49056637a6995b1b00a5e9dfdd395d4a9e402081ffe558b46097580"}, &(0x7f0000002180)=0xdf) r1 = dup(r0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) ioctl$FIONCLEX(0xffffffffffffffff, 0x5450) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000740)=0xfff, 0x4) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(0xffffffffffffffff, 0x80489439, 0x0) ioctl$BTRFS_IOC_SET_FEATURES(0xffffffffffffffff, 0x40309439, 0x0) r4 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r4, 0x5000940e, &(0x7f0000003400)={{r2}, "107bd670ff5da187b47e0c5c8d75c20e87e588105f30f3db84b06d7ef8d335a7e32c6c5b1650e0042fed5bcc38600a21b25d09b007372187cd461cb50eaf1e4c6a42cb0f2da45ff6b15bcad7f42d18b9e45bb9a717b96f14765f0ed184c87b7485e05987a9e6c88029429a37b5d64900e3d153142e55c07046f75d0bf1eb4b5437f16a4a3b09daa3910dd25767a3c4cd58957a01116a81df5a0f391d4b357493378f1009baed7f036d3a1217e70148de1f39def114f9fb3e8d23f2b8370f556e726b8d580a60650a86f4c6a6c6e18848398064565d166cd5096b728c63a72a8162c324e8135a306c411fea89813a8af85eb8ad8f9e4a57eccbf50c045c5874dffcadf3477f553af03a0fca38d7471d255f76575caf6889965609865e9617271f3ca94f056587111df80b45583772bbe8c62096fc7aec973b8b8a04412d87181b3e5a14ff721f7903561464b0da69f2cddf7134f7a08425b1906bfba95af39245e43b06e20487d4ba80c07d76fc83775e4559ee106bd25a798529e6c65c3dd0087ee847bf13790ac13585398061d968a746605ad430d4e99c0a8c1b69ba0f60181a0da52701fc9cb966a53d5a3b628cea79dd073067e3a584b79aa88c3f1848bc101e7da240706d0386f15a2ac60d592955a6d9c363a3e8976c3d23cc6eaebc6ff4c1e4662cc6ab342a4de9d9afd8fe8693a2675dbe9835ca9989ff4a98a21b82fd29daeb5062757375cd5ad8c375b2056b7595fa7565a4965b2b6765a96e228f7b7979dda5e7820c3f1f37bcc81172370081ebbdc4f9457e685e994e16348ac474a93ef909d459c4fa99e293f5d44a815a1275a8ca1a3bd5d1c2dcb632c2cc0249b6e23355420cd9309cc7891f1d01192b6c4c6612f863596bee3f7649312a5b8ab2b505604cd68a67e0f61e26675f826588984ef73401d708523a482f7f26d3ea126f88798fcb9af7d4631097d3c84473d3b4bce0711112197476c122b6d612cbd365b1172f63cfc752d25e6288192b8d6332abf801e0b3fbe4fc4c161161911ac0f115cd3d467aa43e958b70327b14046ec3f5d0aea60543646b340f246b3516a4ac224a3e9ca305aba0e64be1803bbbdc1aeee54ba00397688592e818e32471f9cda05bda702b8b21d22e4732b75b0fdfcfd6f411bc8c78b1ac9a64f392d4fb246afe18f565869e53e81b88a02ce97d2138dc4461c025b9079d3feb6ab4462f4d5af4fd050b75e49cfab3fd4fe82c79a013919cded863e2b6fb5ea1463c3ec37a72b2ed23155b65b14676e90419f07c21ae2ff1f88762156c2124a63e829ddd7a870b6d703757eb6c0215b2214d05441f0a0f0c9e415b05f37ebe032918ac8079b5b944b52c91d397eb73459a141c6bbae4d08471a9e8f9ad182f9b33919713d422452502c3153835645e257eb9a8f2759421eab6da5107bfa84f9ad14b9622aa96c4f26d680cab81bea7979b0ee4131ed51305efc3533eae37e0fe939d915a387e5b5e524f27f4f2924ca0424239cb4abc31434371dc68aeee40dc03a1ab1cf446fc9c9f45e7da628a5b7262792677628128974dbfff109d9d81bda4222a12580d883eb9d436f214df61b49e701fbcc447cf5aa29c66a14c01a4221fdf63a5f27eb8791feb18821973c36f137e3dc0ae3736ab33a27ebafeff5caa73c98e9aba1bb7044bbd82fcf70017f8f1c0dcb052225126a9460919c82234d77e2496bc27535f52197772f8cd7c9edb04434319cce0c7b1a70f987f120d34a46ff59fce21bf441d5bfb11c9efcc3f96fab5f620ab221a7a26dacc67737d94de4c52a4bb61fd0eb1b551d2266bcf3f236215be69d6677735038081812243e15d6daddab878d0ec4269bf8aa6100c9a6917bf2bf48ce4775d3f054a0bf13ea95e02d45df9bc608a6f8abe161bfd395e735817a61adfe917aa42a5894b46969a7fdd9890ca2385cb6734f1c5aab183e9623ee0de062d46f2d4dfbd6b9e78a7c87a98c3e1188a64a3aacacd2788737a48d6d97bef4375c872c935ac63c92eb3d8b602e879622aad4f2c11b940d1a31988fdd75c46b0d2965f19c57077899a36ec81ad37ef2a0a472057311e2aa5147b2084c0ab9e36cfb9ef3d2a7c5929f32b1ee4184206be8b7fcdebc7037449c589f639be6071c17d51b13da5bd107deb14727e18989371a7b7908bb17dc6386a8830b62b5197c3c5710aacf21157c5a529d2693c0e96381f90ac2c629553186c95887b728a19949c49545dec51b837be3fa7cdfaafd20017d2097a21543e806f4f642817abc6d28ede4a4149dbc5d5c34dd32fbfee3a51b0a4dc85124f510b09ed2e358ec2abae9f368abb2a882f73e291827d00cf3a178589a5442406b15d31c5470abcd18e2cd5bba8e71ca736d577b4564c788597e38a7165120f1d86c65489263a30285fdce452459dec10c9de6f24d62c20026f9fbd5bd519edfc628b69fbeb8af1ccf3b372daa2c2f398c077a7b89e4063245090b487320f2943fe729cb79b31635502b5f6c22a018e45be724922336a024cfa2bdc3556fcfa27ba087d020d633ef548e593f9dd39d1bb978e5b9e60afdac20ebe1625c32323640a24424304d7ad7f286318e741543cfa146626a13af87012593b54e166af59fd1ba804fdd6a283f1d07e23314c2f54edbcb1fe032eb07abc6627cf9c8fff931c0130a5037135457d5810b927d9e00593d0734eea4a9be3687a247e8c79f37bb52e3f7f7dfb9a3c2bc3c6fbfce6e5496f11a39cda234ade19cb4b8c602b32a532c2340fd528ae641fa076cda21ca8b79968cd5cee0904d3c1f38261b0ba798eb1bb7b625887140cff089de6af30b4d6599adb333175844ed3e47e1815846d901a2133f2f08f78bb5268c659275168bb8d0c2c26746e9d19dcb72c6345ee3cbacf17618bd1200bc749fccdc23b4e1b6c71b1543f6a84ba9b2e1f532db3500f58fc61ac0a7b22205a79f8dd780663ee9f7d8efd5061281c19b43eb3e2e6d30958b043daef1cdaf859e1d3d68c051e0b6d697b06bc767bee3a16627735b3bcfead1b2526392eb95902117f2c98d9488211eae2a659786dad44dcb677a065543c7558ac3d08d766bd26fdfd176dd2e9664533edec7f274bf54a0e2bda990477073a87ef81f200023bf5a5eb5929d6a1750d6a088681e205e79d9e70501aa9272ef709a572ba8b2498c77f6f93b9ec6be402bd259d0ce4d587e346168e268bf354bb88b7cca07a3b3156dcffba39c0fca014c6f098e8483c08fd5336f338bf396185425361b64daf9fc678b89c7fa9e3da4c84ad868662fd410d36e8ba2997543c17cffd1a4f2bf476868fe2922dd07644a818740965a8bb8645ab09ad65aa168c319def2ab5ec928b721b6a34750de7614f16228cfd2387dd45540daf0ce30119332772f809cadabae483fcf67013ed8eb945a980c599dd941b10d096515cfc6ce71b0f25ea5e4f1b2d6c3fce5fe2ba90368abed2de42d0d6cf7f3851f8d381436360dcf1ea55c9cee71a8c4e0ce534cbf4f638ed8521b07df75cccbbf6b8d634910f9bad8af3184b65f5ae2a78f4892dc2c87cf35d0527080142a3ee1f33e0e69a30fda41b087f12b3a60d118b0c713dc3cc2b53a7c3c41a4b21288c1a65f2a1d2d7faff6d11f7a0279dca03965467f1fbee0fb04fc0528360bafb1a4c3923718c08ff0fdf0e760a4016d4ce69594c2b95b2aa304cc5af43496b0dfaa7b13d075ec94c66f9f42177d9ae7163d4b712d1193dca169f248aab672948ce7a6449a2306678ae5d1d2e4e264221cfeb5afe6d8ae47bb1628d8476e804d62aaac123458a1bf1b3fce8ba370d14ee489db44a9ce975195f86127a68cf6b2022b532ec12417964adefb93b29b8a256c55717dfeeadde679868664404e54a92c202c9e3e2e61a1d721b3f7ab28f778865953e3be81f73b6f526f8a05d271b6d4f8fcd31ff856f0685cbc3c24d05fe5910c10999251a871d7ccc66feca20df81a6160214abc5b24e1e53a9ffbabf367b5163bcda000cdb5e7ce273f8953e98eee5acbd835ffaa060c93b74581902d04db406b71e252fb1a60cf4b4965a5156a4fa5a5cad07b34d7f4bab88f6051f492647bba35252cd4f6135af36fc1eca0fa1aa220d1898146c9e81644ec3502420c5c7775d3f9627ddedff115b5e3c850ffc4a673f97163d88ffcadc57030b05ca9604fa2005cb5eff24575cb86effe217c253f3b3417b39d99fcf4b189dec843a9f952f9d933b28640662d07796817dc55262a8583012161fd7706243212887e24002d6ef579d27909be20bf8d396c35f0ddac292ab22032e99a0537513cdca67eacc32495e67894442e5c89b9a91cc3e5051e4424cfc86f67807d19535e5e5ad2e8e8c4bce08a1fe9fd33f0427f6168cf2720a39f16c0fa789e86ffabf5e8aedc267d936ea46277693becf627d595ba5be6de8e69eb8552c56c11474c649015e682f06cb9a70d4dea0260f70a2422748d640acad45252ac84ecf46a7d724bc941237ff8aff1386231cee41b6d2230b203a11019bcfcc9e27edcc0d87669f5259dd65a3b36b2cc9e8b84b908c9a4d7612c53db637276495aa651e4b7d2f47ad547b960b05855ab904f03ff3d5c40516cc081afa793fc4a2a113647fffc5bdc39f953dbda7c6bbf791d13afde7b9092c5e0ceac3f935e2b9194497cac530e1abb1a8ab8f0c2e94971d8d1fb2cddee338ea8aa0fe1e5c9fe1eef2319e03c452332304a768c431f9dbed8fe16e159a1a2f777031576f2db523bf70bb12bab7b66d9ff287b1452210e0c59dafe11058e77af73d52340a3570b52dfc5e8291af8358b5b67f76810cb84072a92227123ee72983057f321b775f2322fdf4d00e2a6278a39939fd86ae5100884531433f3c16bcab79bff583e9f9b3e7ed58639ad0d4f458d540c91fc1fe7e4433e180a3e2b7f6f65438c251ba1e79483364d38692ba979d5980e1088af5b3f6df1455489cfa574ffe9da4239d99c75885548eb626e925dc948077391066a28fa024c0de3b4bccbfe9fc7d54be0343f65cae9201f2bed4c362070bc9c593e1de70a14f39c513f96d049b5ed187686d37ecd93850ba631dd880ba3d925a8403e750c2a8358441188585ad0099d64719b35df2248f3e21fd6f7a4621ae0d5545bea17bb4e6507a157b7ab4195c68253e7965f025f4dd224e64c36f9c9372beb4f713c4fa1c227cc1a9079bc2c37e93afb97a7ab85df82495581191cb0024195dc2f53cf8f70440ef6b15a473eef2bdf98971b42c029dc6037f1253f6e0c9107047a5bdbae0f42b7ab2c5bd2768d8172bd406485647ede3165f265a045cc18efd1a6f42d476c8ba026dde062e272db4bd02c526bb2c6d598f6a86fe28a33723bde446c70b60da31095fee951c4605af8d8f5baeab267e8da5aa258dafe88188ecfc41ec3a2d4f69d19901183f332d5a3e46fcbc1f7e81736774040fa0e42b416c5d76e0affd55d03026f27a337c56fc26164cd0c26ef248e0adc34254c654cdd9eaee5bd9dd986b80095a3d405691c76f89556c41e5c7fc2bbd2609c048f0ff43cc9818be03d7160cd905c18ef83353ada629b1c8be6f569fc550705ff4bc59803e9ae8905377289b05896801f8b547d8cd7e07f6afad72dfe1f2c6ea95fed283963952c484e917be40d1475e2b507f3e6da6284e6a634de131323c3e3421188ad4f72e5b942f17661bde58767bbbe4b1fa0e3f51ffd8415d9ca7db8ddc792e3c02330965f743290409297c81119deb0bab3caa62db34ce8adea0b7b5dd4583f4c171"}) setsockopt$inet_tcp_int(r1, 0x6, 0x24, &(0x7f00000021c0)=0x1, 0x4) bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e23, 0x1f, @remote, 0x7c1c461b}, 0x1c) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x27, &(0x7f0000000000), &(0x7f0000000100)=0x4) getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f0000000300), &(0x7f0000000dc0)=0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000200), 0x4) sendto$inet(r0, &(0x7f0000000e40)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fdcc340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e445c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec23ec8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581a18acbc842daae234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bdfd749301490e074560a6fa10d9c52fb6ac5cc524eca8476e425e388609abfee333eb1caccd732ad461f379b7252bf63cadad13dc487ba70f1cda6122fedc1ea82fadc597d3a7a3b0c3a3757213e0f82a3e8707c83d95bda372880df29f6d3a122080dd2e15713c7d9ef5b6e11ea8fd2895518dee2cf4cfca78487ad87925f8753a4afba82c74d196dc5a86683f765c758100fbabdaca1066829ed8d611c7b33b1e6f37fbc6f6a63da2d3877a66f429a935ff2c456ca8e06cb88dbc495abb94c728b6746c6f0f1752bca5d3122d0b21ef4185f2179437ef01ceca4c7df533c1a4", 0x388, 0xc000, 0x0, 0x0) recvmsg(r0, &(0x7f00000033c0)={&(0x7f0000000100)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000780)=""/164, 0xa4}], 0x1, 0x0, 0x47}, 0x20) 9.242555891s ago: executing program 2 (id=3631): socket$inet6_tcp(0xa, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0x0) 9.064473003s ago: executing program 2 (id=3632): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x30, 0x14, 0x509, 0x0, 0x0, {}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_ADDRESS={0x8, 0x1, @loopback}]}, 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.696046093s ago: executing program 4 (id=3633): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x30, 0x14, 0x509, 0x0, 0x0, {}, [@IFA_TARGET_NETNSID={0x8}, @IFA_LOCAL={0x8, 0x2, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @local}]}, 0x30}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.395013317s ago: executing program 0 (id=3634): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x40002, 0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f00000001c0)=r1) write$sequencer(r2, &(0x7f0000000140)=[@l={0x92, 0x7, 0xe0, 0x1f, 0x7, 0x80, 0x800}, @l={0x92, 0x0, 0xd0, 0xe, 0x4, 0x81, 0x7}, @e={0xff, 0xa, 0xf, 0x81, @SEQ_CONTROLLER=0xfe, 0x8, 0x8, 0xc0}], 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x20, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "5fbf"}, @main=@item_4={0x3, 0x0, 0x0, "e7e03604"}, @local=@item_012={0x2, 0x2, 0x2, "90a0"}, @local=@item_4={0x3, 0x2, 0x8, "5bfd02dd"}, @main=@item_4={0x3, 0x0, 0xb, "813e2503"}, @main=@item_012={0x2, 0x0, 0xb, "31a3"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x72, 0x4) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r5) r6 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x0, 0x20}, &(0x7f0000000000)=0x0, &(0x7f0000000580)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) io_uring_enter(r6, 0x7a98, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000017c0000040000001400018008001600000000000600060088480000080002"], 0x1034}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60004}, 0x4000090) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000047c00000400000014000180080016000000000006000600800a0000080002"], 0x1034}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r10, 0x0, 0xa0028000}, 0x38) 5.03555252s ago: executing program 2 (id=3635): r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00", 0x20) recvmsg$unix(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000035c0)=""/4098, 0x1002}, {&(0x7f0000002300)=""/107, 0x6b}, {&(0x7f00000005c0)=""/153, 0x99}, {&(0x7f0000002440)=""/4096, 0x1000}, {&(0x7f0000000380)=""/113, 0x71}, {&(0x7f00000007c0)=""/222, 0xde}], 0x6}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'sit0\x00'}) 4.38095586s ago: executing program 3 (id=3636): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0) timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x279}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000940)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 4.112146477s ago: executing program 4 (id=3637): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r3, 0x201, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x80}]}, 0x34}}, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000000), 0x4e, 0xa00) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r5, 0x40000000af01, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4088, &(0x7f0000000280)=""/252}) r7 = dup(r6) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000000)={0x1, r7}) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r8, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r8, 0x84, 0x76, &(0x7f0000000100)={r9, 0x0, 0x10, 0x80000000}, &(0x7f0000000080)=0x18) ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r7) syz_usb_connect(0x0, 0x24, &(0x7f0000004200)=ANY=[@ANYBLOB="12010000e2793f10d10501200002000000010902120001000000000904"], 0x0) ioctl$sock_TIOCOUTQ(r6, 0x5411, &(0x7f0000000040)) 2.18663769s ago: executing program 0 (id=3638): r0 = socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x40002, 0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f00000001c0)=r1) write$sequencer(r2, &(0x7f0000000140)=[@l={0x92, 0x7, 0xe0, 0x1f, 0x7, 0x80, 0x800}, @l={0x92, 0x0, 0xd0, 0xe, 0x4, 0x81, 0x7}, @e={0xff, 0xa, 0xf, 0x81, @SEQ_CONTROLLER=0xfe, 0x8, 0x8, 0xc0}], 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x20, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "5fbf"}, @main=@item_4={0x3, 0x0, 0x0, "e7e03604"}, @local=@item_012={0x2, 0x2, 0x2, "90a0"}, @local=@item_4={0x3, 0x2, 0x8, "5bfd02dd"}, @main=@item_4={0x3, 0x0, 0xb, "813e2503"}, @main=@item_012={0x2, 0x0, 0xb, "31a3"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x72, 0x4) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r5) r6 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x4, 0x0, 0x20}, &(0x7f0000000000)=0x0, &(0x7f0000000580)=0x0) syz_io_uring_submit(r7, r8, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) io_uring_enter(r6, 0x7a98, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000017c0000040000001400018008001600000000000600060088480000080002"], 0x1034}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60004}, 0x4000090) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000047c00000400000014000180080016000000000006000600800a0000080002"], 0x1034}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r10, 0x0, 0xa0028000}, 0x38) 2.060896396s ago: executing program 3 (id=3639): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) shmget(0x3, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) preadv(r1, &(0x7f0000000340)=[{&(0x7f0000000080)=""/82, 0x52}], 0x1, 0x0, 0x0) close(r1) connect$qrtr(0xffffffffffffffff, &(0x7f0000000040)={0x2a, 0xffffffff, 0xfffffffe}, 0xc) write(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x40b80, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) remap_file_pages(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4, 0x0, 0x2000) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x7) symlinkat(&(0x7f0000000040)='./file0/file0\x00', r2, &(0x7f00000000c0)='./file0\x00') r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) write(r3, &(0x7f0000000d00)="5476313aea75886961eca2a92808848c852343028c6a6ca70481d191fa9a8b934cfb06b680b1dc7cf78f9353688d5aef2693e2808d12a6dccfedf03a07407650281e57828caa6e9eb646e2db5db9c9685193721dd046c283bccaed46762aa347c5bbb6fe1aad6c6668963f5819a8e57e655fb4f3a58c5177d8efb527ec7584f6cdbebb81868c3e7abf7efa82132825d53ea84468d12d4d5bced3e9931526895baaec6f288523b3d5419a0c4c994d5f4a366df807b94798b1a1253f8199c36ba7403e762a743732f55ca036602c6002d87f92e451eef748177bbc17867516f6f2f8385ded4f8b04aabf635668598971ac34fe62faaf84d83228608a6192e7c5ad958c18e30022c8250432df1c15ea5bdeb5", 0x111) unshare(0x2c060000) unshare(0x24020400) 0s ago: executing program 1 (id=3640): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f00000008c0)={'team0\x00', 0xff}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a3b370086d04ae08581101020301090212000d000000000904"], 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000200)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000380)={&(0x7f0000000240)=[0x0], &(0x7f0000000280)=[{}], &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0], 0x1, 0x2, 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000500)={&(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000480)=[0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0xa, 0x1, 0x8}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000540)={0x9, r3, r4}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x8000000000000001, 0x4000) write$evdev(r5, &(0x7f0000000040)=[{{0x77359400}, 0x1, 0x0, 0x80000001}, {{0x77359400}, 0x0, 0x1, 0xfffffffc}, {{}, 0x4, 0x8, 0x4}, {{0x77359400}, 0x1f, 0x7, 0x1ff}, {{}, 0x0, 0x4, 0xffffffff}], 0x78) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080005000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000048000000060a010400000000000000000100000008000b40fffffffe18000480140001800b0001007470726f78790000040002800900010073797a30000000000509074013000000140000001100010000000000000000000000000ae1fe22f45f80af2502f0dd48dc1378d436ad2e9b9d1002ed96c313b2bd1767"], 0xbc}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_disconnect(r1) kernel console output (not intermixed with test programs): e0: port 1(bridge_slave_0) entered forwarding state [ 1019.851989][ T1171] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1019.882539][ T1171] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1019.883463][ T2513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1019.895234][ T1171] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1019.900993][ T2513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1019.926869][ T1171] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1019.946474][ T1171] usb 3-1: config 0 descriptor?? [ 1019.952551][T21196] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1019.964199][ T1171] hub 3-1:0.0: USB hub found [ 1020.169619][ T1171] hub 3-1:0.0: 2 ports detected [ 1020.217184][ T5237] Bluetooth: hci0: command 0x0406 tx timeout [ 1020.272826][T20976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1020.453331][T20976] veth0_vlan: entered promiscuous mode [ 1020.537437][T20976] veth1_vlan: entered promiscuous mode [ 1020.556823][T21116] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1020.585501][T21116] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1020.646133][T21116] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1020.677506][T20976] veth0_macvtap: entered promiscuous mode [ 1020.688735][T21116] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1020.719610][T20976] veth1_macvtap: entered promiscuous mode [ 1020.774437][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1020.803289][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1020.821645][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1020.833431][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1020.855529][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1020.867772][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1020.881497][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1020.895408][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1020.920655][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1020.932638][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1020.955544][T20976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1021.005056][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.041820][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.052591][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.074071][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.084323][T13690] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 1021.096041][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.111460][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.127458][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.138340][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.164536][T20976] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1021.176738][ T5237] Bluetooth: hci1: command 0x0406 tx timeout [ 1021.184762][T20976] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1021.238933][T20976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1021.246218][T13690] usb 5-1: Using ep0 maxpacket: 16 [ 1021.252704][ T5237] Bluetooth: hci3: command 0x0c1a tx timeout [ 1021.259656][ T5237] Bluetooth: hci2: command 0x0c1a tx timeout [ 1021.271326][T13690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1021.288744][T13690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1021.298782][T13690] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1021.313359][T13690] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1021.323013][T13690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1021.336408][ T5233] Bluetooth: hci4: command 0x0c1a tx timeout [ 1021.345655][T20976] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1021.353338][T13690] usb 5-1: config 0 descriptor?? [ 1021.396721][T20976] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1021.428865][T20976] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1021.438251][T20976] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1021.915108][ T3054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1021.958313][ T3054] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1021.974002][T21243] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3439'. [ 1021.983975][T21243] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 1021.997787][T21243] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3439'. [ 1022.008694][T21243] openvswitch: netlink: Actions may not be safe on all matching packets [ 1022.068715][ T2531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1022.097170][ T2531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1022.112066][ T8] hub 3-1:0.0: hub_ext_port_status failed (err = 0) [ 1022.179137][T21116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1022.285517][T21116] 8021q: adding VLAN 0 to HW filter on device team0 [ 1022.296104][ T5233] Bluetooth: hci0: command 0x0406 tx timeout [ 1022.323497][ T9] usb 3-1: USB disconnect, device number 122 [ 1022.337649][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1022.344878][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1022.449289][ T3054] bridge0: port 2(bridge_slave_1) entered blocking state [ 1022.456623][ T3054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1022.792387][T21116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1022.982686][T21116] veth0_vlan: entered promiscuous mode [ 1023.089240][T21116] veth1_vlan: entered promiscuous mode [ 1023.223972][T21116] veth0_macvtap: entered promiscuous mode [ 1023.241103][T21116] veth1_macvtap: entered promiscuous mode [ 1023.247882][ T5233] Bluetooth: hci1: command 0x0406 tx timeout [ 1023.326594][ T5237] Bluetooth: hci3: command 0x0c1a tx timeout [ 1023.333127][ T5233] Bluetooth: hci2: command 0x0c1a tx timeout [ 1023.368625][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.406637][ T5233] Bluetooth: hci4: command 0x0c1a tx timeout [ 1023.429700][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.471093][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.529483][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.579792][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.666285][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.693291][ T51] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1023.703995][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.725302][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.737820][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.749830][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.769950][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1023.828213][T13690] usbhid 5-1:0.0: can't add hid device: -71 [ 1023.840518][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1023.865013][T13690] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1023.885113][T21116] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1023.894602][ T51] usb 2-1: Using ep0 maxpacket: 16 [ 1023.917196][ T51] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 1023.926850][T13690] usb 5-1: USB disconnect, device number 112 [ 1023.943618][ T51] usb 2-1: config 0 has no interface number 0 [ 1023.956660][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1023.972278][ T51] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1023.984015][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.010966][ T51] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1024.026021][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1024.036907][ T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1024.051759][ T51] usb 2-1: Product: syz [ 1024.056598][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.066920][ T51] usb 2-1: Manufacturer: syz [ 1024.071565][ T51] usb 2-1: SerialNumber: syz [ 1024.078314][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1024.091903][ T51] usb 2-1: config 0 descriptor?? [ 1024.098152][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.112952][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1024.140166][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.152936][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1024.163938][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.184831][T21116] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1024.214062][T21116] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1024.240581][T21116] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1024.300794][T21116] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.354963][T21116] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.374285][T21116] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.393392][T21116] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1024.431803][T21296] FAULT_INJECTION: forcing a failure. [ 1024.431803][T21296] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.435447][T13690] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 1024.458784][T21296] CPU: 0 UID: 0 PID: 21296 Comm: syz.2.3447 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1024.469263][T21296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1024.479368][T21296] Call Trace: [ 1024.482853][T21296] [ 1024.485812][T21296] dump_stack_lvl+0x241/0x360 [ 1024.490548][T21296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1024.495798][T21296] ? __pfx__printk+0x10/0x10 [ 1024.500436][T21296] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 1024.505943][T21296] ? __pfx___might_resched+0x10/0x10 [ 1024.511290][T21296] should_fail_ex+0x3b0/0x4e0 [ 1024.516033][T21296] should_failslab+0xac/0x100 [ 1024.520771][T21296] ? ucma_alloc_ctx+0x4b/0x2c0 [ 1024.525570][T21296] __kmalloc_cache_noprof+0x6c/0x2c0 [ 1024.530893][T21296] ucma_alloc_ctx+0x4b/0x2c0 [ 1024.535535][T21296] ucma_create_id+0x237/0x500 [ 1024.540244][T21296] ? __might_fault+0xaa/0x120 [ 1024.544935][T21296] ? __pfx_ucma_create_id+0x10/0x10 [ 1024.550168][T21296] ? __might_fault+0xc6/0x120 [ 1024.554883][T21296] ? __pfx_ucma_create_id+0x10/0x10 [ 1024.560095][T21296] ucma_write+0x2d9/0x420 [ 1024.564433][T21296] ? end_current_label_crit_section+0x151/0x180 [ 1024.570706][T21296] ? __pfx_ucma_write+0x10/0x10 [ 1024.575591][T21296] ? bpf_lsm_file_permission+0x9/0x10 [ 1024.580985][T21296] ? security_file_permission+0x74/0x280 [ 1024.586821][T21296] ? rw_verify_area+0x1c3/0x6f0 [ 1024.591724][T21296] vfs_writev+0x5a9/0xba0 [ 1024.596106][T21296] ? __pfx_ucma_write+0x10/0x10 [ 1024.601023][T21296] ? __pfx_vfs_writev+0x10/0x10 [ 1024.605923][T21296] ? fdget_pos+0x19a/0x320 [ 1024.610413][T21296] do_writev+0x1b1/0x350 [ 1024.614718][T21296] ? __pfx_do_writev+0x10/0x10 [ 1024.619515][T21296] ? do_syscall_64+0x100/0x230 [ 1024.624340][T21296] ? do_syscall_64+0xb6/0x230 [ 1024.629071][T21296] do_syscall_64+0xf3/0x230 [ 1024.633614][T21296] ? clear_bhb_loop+0x35/0x90 [ 1024.638329][T21296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1024.644280][T21296] RIP: 0033:0x7f3e55f7def9 [ 1024.648721][T21296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1024.662170][T13690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1024.668354][T21296] RSP: 002b:00007f3e56d81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1024.668389][T21296] RAX: ffffffffffffffda RBX: 00007f3e56135f80 RCX: 00007f3e55f7def9 [ 1024.668407][T21296] RDX: 0000000000000003 RSI: 0000000020000000 RDI: 0000000000000006 [ 1024.668423][T21296] RBP: 00007f3e56d81090 R08: 0000000000000000 R09: 0000000000000000 [ 1024.668467][T21296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1024.668483][T21296] R13: 0000000000000000 R14: 00007f3e56135f80 R15: 00007f3e5625fa28 [ 1024.668516][T21296] [ 1024.668647][ C0] vkms_vblank_simulate: vblank timer overrun [ 1024.701176][T13690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1024.703828][ C0] vkms_vblank_simulate: vblank timer overrun [ 1024.730409][ T51] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.214/input/input83 [ 1024.790306][T13690] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1024.866257][T13690] usb 5-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 1024.875991][T21305] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3449'. [ 1024.902447][T13690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1024.962509][T13690] usb 5-1: config 0 descriptor?? [ 1025.010259][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.026631][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1025.077046][ T9] usb 2-1: USB disconnect, device number 75 [ 1025.127636][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1025.166959][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1025.282296][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 1025.282317][ T29] audit: type=1326 audit(1727163022.575:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.282364][ T29] audit: type=1326 audit(1727163022.575:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.282406][ T29] audit: type=1326 audit(1727163022.575:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.282446][ T29] audit: type=1326 audit(1727163022.575:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.282487][ T29] audit: type=1326 audit(1727163022.575:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.283828][ T29] audit: type=1326 audit(1727163022.575:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.283876][ T29] audit: type=1326 audit(1727163022.575:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.283916][ T29] audit: type=1326 audit(1727163022.575:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.283955][ T29] audit: type=1326 audit(1727163022.575:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.286146][ T29] audit: type=1326 audit(1727163022.575:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21313 comm="syz.0.3451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6c6b77def9 code=0x7ffc0000 [ 1025.387749][T21319] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1025.406946][ T5233] Bluetooth: hci2: command 0x0c1a tx timeout [ 1025.418485][ T5237] Bluetooth: hci3: command 0x0c1a tx timeout [ 1025.480873][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.508944][ T5237] Bluetooth: hci4: command 0x0c1a tx timeout [ 1025.687552][T21323] netlink: 'syz.0.3452': attribute type 7 has an invalid length. [ 1025.713122][T21323] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3452'. [ 1025.724428][T21291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1025.758030][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.774323][T21291] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1025.787104][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.813037][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.835693][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.882673][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.906970][T13690] glorious 0003:258A:0036.0031: unknown main item tag 0x0 [ 1025.932716][T13690] glorious 0003:258A:0036.0031: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.4-1/input0 [ 1025.960826][T13690] usb 5-1: USB disconnect, device number 113 [ 1026.106084][ T5305] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1026.259149][ T5305] usb 2-1: Using ep0 maxpacket: 32 [ 1026.284320][ T5305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1026.316614][ T5305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1026.336599][ T5305] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 1026.367071][ T5305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1026.383513][ T5305] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1026.402678][ T5305] usb 2-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 1026.439952][ T5305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1026.463685][ T5305] usb 2-1: config 0 descriptor?? [ 1026.786106][ T51] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1026.870789][T21362] fuse: Unknown parameter 'group_00000000000000000000' [ 1026.895552][ T5305] ntrig 0003:1B96:000A.0032: unknown main item tag 0x0 [ 1026.919533][ T5305] ntrig 0003:1B96:000A.0032: unknown main item tag 0x0 [ 1026.936830][ T51] usb 4-1: Using ep0 maxpacket: 16 [ 1026.951987][ T5305] ntrig 0003:1B96:000A.0032: unknown main item tag 0x0 [ 1026.970040][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1026.986604][ T5305] ntrig 0003:1B96:000A.0032: unknown main item tag 0x0 [ 1027.004599][ T5305] ntrig 0003:1B96:000A.0032: unknown main item tag 0x0 [ 1027.021656][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1027.051150][ T5305] ntrig 0003:1B96:000A.0032: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.1-1/input0 [ 1027.066554][ T51] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1027.122884][ T51] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1027.146142][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1027.234209][ T51] usb 4-1: config 0 descriptor?? [ 1027.259307][T21356] syz.2.3457 (21356): drop_caches: 2 [ 1027.443255][T21368] bridge0: port 3(dummy0) entered blocking state [ 1027.493359][T21368] bridge0: port 3(dummy0) entered disabled state [ 1027.503062][T21368] dummy0: entered allmulticast mode [ 1027.514515][T21368] dummy0: entered promiscuous mode [ 1027.523305][T21368] bridge0: port 3(dummy0) entered blocking state [ 1027.529818][T21368] bridge0: port 3(dummy0) entered forwarding state [ 1027.869991][T21381] FAULT_INJECTION: forcing a failure. [ 1027.869991][T21381] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.883789][T21381] CPU: 1 UID: 0 PID: 21381 Comm: syz.2.3460 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1027.894260][T21381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1027.904356][T21381] Call Trace: [ 1027.907655][T21381] [ 1027.910691][T21381] dump_stack_lvl+0x241/0x360 [ 1027.915570][T21381] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1027.920813][T21381] ? __pfx__printk+0x10/0x10 [ 1027.925421][T21381] ? __kmalloc_noprof+0xb0/0x400 [ 1027.930374][T21381] ? __pfx___might_resched+0x10/0x10 [ 1027.935679][T21381] should_fail_ex+0x3b0/0x4e0 [ 1027.940371][T21381] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1027.946628][T21381] should_failslab+0xac/0x100 [ 1027.951338][T21381] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1027.957590][T21381] __kmalloc_noprof+0xd8/0x400 [ 1027.962387][T21381] ? apparmor_capable+0x13b/0x1b0 [ 1027.967440][T21381] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1027.973549][T21381] genl_rcv_msg+0x802/0xec0 [ 1027.978095][T21381] ? mark_lock+0x9a/0x360 [ 1027.982449][T21381] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1027.987510][T21381] ? __pfx_lock_acquire+0x10/0x10 [ 1027.992555][T21381] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1027.997939][T21381] ? __pfx_nl80211_new_station+0x10/0x10 [ 1028.003593][T21381] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1028.009079][T21381] ? __pfx___might_resched+0x10/0x10 [ 1028.014392][T21381] netlink_rcv_skb+0x1e3/0x430 [ 1028.019216][T21381] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1028.024259][T21381] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1028.029571][T21381] ? __netlink_deliver_tap+0x77e/0x7c0 [ 1028.035058][T21381] genl_rcv+0x28/0x40 [ 1028.039057][T21381] netlink_unicast+0x7f6/0x990 [ 1028.043858][T21381] ? __pfx_netlink_unicast+0x10/0x10 [ 1028.049159][T21381] ? __virt_addr_valid+0x183/0x530 [ 1028.054281][T21381] ? __check_object_size+0x48e/0x900 [ 1028.059584][T21381] netlink_sendmsg+0x8e4/0xcb0 [ 1028.064374][T21381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1028.069677][T21381] ? aa_sock_msg_perm+0x91/0x160 [ 1028.074633][T21381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1028.079937][T21381] __sock_sendmsg+0x221/0x270 [ 1028.084634][T21381] ____sys_sendmsg+0x52a/0x7e0 [ 1028.089424][T21381] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1028.094732][T21381] __sys_sendmsg+0x292/0x380 [ 1028.099335][T21381] ? __pfx___sys_sendmsg+0x10/0x10 [ 1028.104555][T21381] ? __pfx_vfs_write+0x10/0x10 [ 1028.109445][T21381] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1028.115799][T21381] ? do_syscall_64+0x100/0x230 [ 1028.120587][T21381] ? do_syscall_64+0xb6/0x230 [ 1028.125283][T21381] do_syscall_64+0xf3/0x230 [ 1028.129808][T21381] ? clear_bhb_loop+0x35/0x90 [ 1028.134504][T21381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1028.140429][T21381] RIP: 0033:0x7f3e55f7def9 [ 1028.144856][T21381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1028.164821][T21381] RSP: 002b:00007f3e56d81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1028.173257][T21381] RAX: ffffffffffffffda RBX: 00007f3e56135f80 RCX: 00007f3e55f7def9 [ 1028.181251][T21381] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000003 [ 1028.189233][T21381] RBP: 00007f3e56d81090 R08: 0000000000000000 R09: 0000000000000000 [ 1028.197217][T21381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1028.205196][T21381] R13: 0000000000000000 R14: 00007f3e56135f80 R15: 00007f3e5625fa28 [ 1028.213193][T21381] [ 1028.247068][T21343] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.3455'. [ 1028.269040][T21343] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 1028.299198][T21343] netlink: 4096 bytes leftover after parsing attributes in process `syz.3.3455'. [ 1028.320775][T21343] openvswitch: netlink: Actions may not be safe on all matching packets [ 1028.915711][ T5305] usb 2-1: USB disconnect, device number 76 [ 1029.050780][T13690] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1029.236989][T13690] usb 3-1: Using ep0 maxpacket: 8 [ 1029.267438][T13690] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.299905][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1029.349230][T13690] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.435505][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1029.456158][ T5305] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1029.477336][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1029.504826][T13690] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.588634][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1029.615146][T13690] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.644285][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1029.689990][ T5305] usb 2-1: Using ep0 maxpacket: 8 [ 1029.697181][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1029.708747][ T5305] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1029.740367][ T5305] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1029.755102][ T51] usbhid 4-1:0.0: can't add hid device: -71 [ 1029.767851][T13690] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1029.778184][ T51] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1029.799557][ T5305] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1029.819242][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1029.847907][ T51] usb 4-1: USB disconnect, device number 49 [ 1029.864248][ T5305] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1029.891310][T13690] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1029.908512][ T5305] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1029.921169][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1029.944495][ T5305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.960285][T13690] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1030.020221][T13690] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1030.055618][T13690] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.084746][T13690] usb 3-1: Product: syz [ 1030.094777][T13690] usb 3-1: Manufacturer: syz [ 1030.105012][T13690] usb 3-1: SerialNumber: syz [ 1030.177408][T21409] raw_sendmsg: syz.3.3470 forgot to set AF_INET. Fix it! [ 1030.196169][ T9] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 1030.216247][ T5305] usb 2-1: GET_CAPABILITIES returned 0 [ 1030.239364][ T5305] usbtmc 2-1:16.0: can't read capabilities [ 1030.351203][T13690] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 1030.376080][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 1030.396016][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1030.435059][T13690] usb 3-1: USB disconnect, device number 123 [ 1030.479905][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1030.506471][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1030.555410][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1030.600330][T21416] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3471'. [ 1030.661589][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1030.731566][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1030.765651][ T9] usb 5-1: config 0 descriptor?? [ 1031.495284][T21408] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3469'. [ 1031.509580][T21408] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 1031.543441][T21408] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3469'. [ 1031.553124][T21408] openvswitch: netlink: Actions may not be safe on all matching packets [ 1031.758965][T21433] syz.3.3476 (21433): drop_caches: 2 [ 1031.776689][T21429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1031.783716][T21429] team0: Device bond0 failed to register rx_handler [ 1031.966076][ T5299] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 1032.106479][ T5299] usb 1-1: device descriptor read/64, error -71 [ 1032.124343][ T8] usb 2-1: USB disconnect, device number 77 [ 1032.466176][ T5299] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 1032.586068][T13690] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1032.600601][ T5299] usb 1-1: device descriptor read/64, error -71 [ 1032.717025][ T5299] usb usb1-port1: attempt power cycle [ 1032.756142][T13690] usb 3-1: Using ep0 maxpacket: 16 [ 1032.775353][T13690] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 1032.796579][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 1032.796590][ T51] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1032.798786][T13690] usb 3-1: config 0 has no interface number 0 [ 1032.807365][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1032.812551][T13690] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1032.845523][T13690] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1032.865263][ T9] usb 5-1: USB disconnect, device number 114 [ 1032.872090][T13690] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1032.880783][T13690] usb 3-1: Product: syz [ 1032.885175][T13690] usb 3-1: Manufacturer: syz [ 1032.891077][T13690] usb 3-1: SerialNumber: syz [ 1032.898458][T13690] usb 3-1: config 0 descriptor?? [ 1032.946152][ T51] usb 2-1: Using ep0 maxpacket: 16 [ 1032.955383][ T51] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 1032.964716][ T51] usb 2-1: config 0 has no interface number 0 [ 1032.971601][ T51] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1032.993508][ T51] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1033.014551][ T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1033.024923][ T51] usb 2-1: Product: syz [ 1033.029897][ T51] usb 2-1: Manufacturer: syz [ 1033.035219][ T51] usb 2-1: SerialNumber: syz [ 1033.057444][ T51] usb 2-1: config 0 descriptor?? [ 1033.066184][ T5299] usb 1-1: new high-speed USB device number 118 using dummy_hcd [ 1033.102021][ T5299] usb 1-1: device descriptor read/8, error -71 [ 1033.305986][ T9] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 1033.346782][ T5299] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 1033.387997][ T5299] usb 1-1: device descriptor read/8, error -71 [ 1033.456177][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1033.475715][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1033.489441][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1033.500219][ T5299] usb usb1-port1: unable to enumerate USB device [ 1033.508568][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1033.524987][T13690] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.214/input/input84 [ 1033.542718][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1033.598281][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1033.616687][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.701780][ T51] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.214/input/input85 [ 1033.734840][ T5299] usb 3-1: USB disconnect, device number 124 [ 1033.853593][ T9] usb 5-1: GET_CAPABILITIES returned 0 [ 1033.873296][ T9] usbtmc 5-1:16.0: can't read capabilities [ 1033.933678][ T51] usb 2-1: USB disconnect, device number 78 [ 1034.061636][ C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1034.946816][ T2564] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1034.978605][T13690] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1035.123900][ T2564] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.145362][T13690] usb 1-1: Using ep0 maxpacket: 8 [ 1035.153939][T13690] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1035.188845][T13690] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1035.212335][T21469] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1035.212738][T13690] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 1035.270548][T13690] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1035.305271][T13690] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1035.353891][T13690] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1035.363637][T13690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1035.365864][ T2564] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.387012][T13690] usb 1-1: Product: syz [ 1035.391254][T13690] usb 1-1: Manufacturer: syz [ 1035.409932][T13690] usb 1-1: SerialNumber: syz [ 1035.427148][T15594] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1035.428700][T13690] usb 1-1: config 0 descriptor?? [ 1035.522037][ T2564] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1035.586845][T15594] usb 3-1: Using ep0 maxpacket: 32 [ 1035.593948][T15594] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1035.617327][T15594] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=a6.13 [ 1035.636902][T15594] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1035.661840][T15594] usb 3-1: Product: syz [ 1035.672669][T15594] usb 3-1: Manufacturer: syz [ 1035.703986][T15594] usb 3-1: SerialNumber: syz [ 1035.707049][T13690] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 1035.726976][ T5233] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1035.733604][T15594] usb 3-1: config 0 descriptor?? [ 1035.743891][ T5233] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1035.752454][T15594] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1035.761798][T13690] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 1035.779983][ T5233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1035.796350][ T5233] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1035.804633][ T5233] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1035.808437][T15594] pvrusb2: ********** [ 1035.818784][ T5233] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1035.859744][T15594] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1035.901834][T13690] radio-si470x 1-1:0.0: software version 0, hardware version 0 [ 1035.903996][T15594] pvrusb2: Important functionality might not be entirely working. [ 1035.915422][T13690] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 1035.946247][T13690] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 1035.963215][T21468] binder: 21466:21468 ioctl 400c620e 20000240 returned -22 [ 1035.983877][T15594] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1036.036421][ T2564] bridge_slave_1: left allmulticast mode [ 1036.042153][ T2564] bridge_slave_1: left promiscuous mode [ 1036.048628][T15594] pvrusb2: ********** [ 1036.054430][ T2037] pvrusb2: Invalid write control endpoint [ 1036.069430][ T2564] bridge0: port 2(bridge_slave_1) entered disabled state [ 1036.072308][T15594] usb 5-1: USB disconnect, device number 115 [ 1036.110594][T13690] radio-si470x 1-1:0.0: submitting int urb failed (-90) [ 1036.126816][ T2564] bridge_slave_0: left allmulticast mode [ 1036.136006][ T2564] bridge_slave_0: left promiscuous mode [ 1036.141953][ T2564] bridge0: port 1(bridge_slave_0) entered disabled state [ 1036.224980][ T2037] pvrusb2: Invalid write control endpoint [ 1036.247521][ T2037] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1036.264526][T21469] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1036.275369][ T8] usb 3-1: USB disconnect, device number 125 [ 1036.307211][ T2037] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1036.339089][ T2037] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1036.375113][ T2037] pvrusb2: Device being rendered inoperable [ 1036.387345][ T2037] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1036.398443][ T2037] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 1036.423599][ T2037] pvrusb2: Attached sub-driver cx25840 [ 1036.429472][ T2037] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1036.440154][ T2037] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1036.490146][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 1036.490167][ T29] audit: type=1326 audit(1727163033.785:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.533051][ T29] audit: type=1326 audit(1727163033.785:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.570496][ T29] audit: type=1326 audit(1727163033.815:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.603705][ T29] audit: type=1326 audit(1727163033.815:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.647500][ T29] audit: type=1326 audit(1727163033.815:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.680309][ T29] audit: type=1326 audit(1727163033.815:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.709091][ T29] audit: type=1326 audit(1727163033.815:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.732846][ T29] audit: type=1326 audit(1727163033.815:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.758026][ T29] audit: type=1326 audit(1727163033.815:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.781109][ T29] audit: type=1326 audit(1727163033.815:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21478 comm="syz.1.3494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1036.947193][T13690] radio-si470x 1-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 1036.963665][T13690] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22 [ 1037.171173][ T2564] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1037.186251][ T8] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1037.204325][ T2564] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1037.209253][ T5305] usb 1-1: USB disconnect, device number 120 [ 1037.234267][ T2564] bond0 (unregistering): Released all slaves [ 1037.350820][ T8] usb 3-1: device descriptor read/64, error -71 [ 1037.606099][ T8] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 1037.783782][T21473] chnl_net:caif_netlink_parms(): no params data found [ 1037.796103][ T8] usb 3-1: device descriptor read/64, error -71 [ 1037.887360][ T5233] Bluetooth: hci4: command tx timeout [ 1037.916853][ T8] usb usb3-port1: attempt power cycle [ 1037.954718][ T2564] hsr_slave_0: left promiscuous mode [ 1037.961904][ T2564] hsr_slave_1: left promiscuous mode [ 1037.975160][ T2564] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1037.996264][ T9] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 1037.999693][ T2564] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1038.015309][ T2564] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1038.024411][ T2564] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1038.060792][ T2564] veth1_macvtap: left promiscuous mode [ 1038.066657][ T2564] veth0_macvtap: left promiscuous mode [ 1038.075220][ T2564] veth1_vlan: left promiscuous mode [ 1038.092475][ T2564] veth0_vlan: left promiscuous mode [ 1038.176072][ T9] usb 5-1: device descriptor read/64, error -71 [ 1038.287123][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1038.327146][ T8] usb 3-1: device descriptor read/8, error -71 [ 1038.451009][ T9] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 1038.606924][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1038.614732][ T9] usb 5-1: device descriptor read/64, error -71 [ 1038.627449][ T8] usb 3-1: device descriptor read/8, error -71 [ 1038.726552][ T9] usb usb5-port1: attempt power cycle [ 1038.756297][ T8] usb usb3-port1: unable to enumerate USB device [ 1038.836056][ T1171] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1038.983955][ T2564] team0 (unregistering): Port device team_slave_1 removed [ 1038.996230][ T1171] usb 2-1: Using ep0 maxpacket: 16 [ 1039.016172][ T1171] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1039.032534][ T1171] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1039.048069][ T1171] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1039.063396][ T1171] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 1039.072977][ T1171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.092475][ T1171] usb 2-1: config 0 descriptor?? [ 1039.097723][ T9] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 1039.118941][ T2564] team0 (unregistering): Port device team_slave_0 removed [ 1039.136769][ T9] usb 5-1: device descriptor read/8, error -71 [ 1039.379655][ T9] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 1039.407089][ T9] usb 5-1: device descriptor read/8, error -71 [ 1039.537529][ T9] usb usb5-port1: unable to enumerate USB device [ 1039.587276][ T1171] input: HID 0955:7214 Haptics as /devices/virtual/input/input86 [ 1039.652889][ T1171] shield 0003:0955:7214.0033: Registered Thunderstrike controller [ 1039.684123][ T1171] shield 0003:0955:7214.0033: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 1039.744542][T21518] random: crng reseeded on system resumption [ 1039.966275][ T5233] Bluetooth: hci4: command tx timeout [ 1040.168918][ T1171] shield 0003:0955:7214.0033: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 1040.169379][ T5299] usb 2-1: USB disconnect, device number 79 [ 1040.201837][ T1171] shield 0003:0955:7214.0033: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1040.227550][ T1171] shield 0003:0955:7214.0033: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1040.246190][ T1171] shield 0003:0955:7214.0033: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 1040.286810][T21510] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3500'. [ 1040.429627][T21524] netlink: 'syz.2.3504': attribute type 12 has an invalid length. [ 1040.452171][T21473] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.461026][T21473] bridge0: port 1(bridge_slave_0) entered disabled state [ 1040.468961][T21473] bridge_slave_0: entered allmulticast mode [ 1040.482933][T21473] bridge_slave_0: entered promiscuous mode [ 1040.534083][T21473] bridge0: port 2(bridge_slave_1) entered blocking state [ 1040.589119][T21473] bridge0: port 2(bridge_slave_1) entered disabled state [ 1040.605788][T21473] bridge_slave_1: entered allmulticast mode [ 1040.647556][T21473] bridge_slave_1: entered promiscuous mode [ 1040.801674][T21473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1040.836459][T21473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1041.001020][T21473] team0: Port device team_slave_0 added [ 1041.047532][T21473] team0: Port device team_slave_1 added [ 1041.191000][T21473] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1041.198380][T21473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1041.224926][T21473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1041.247478][T21473] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1041.256135][T21473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1041.282322][T21473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1041.301568][T21557] pim6reg: entered allmulticast mode [ 1041.358245][T21560] pim6reg: left allmulticast mode [ 1041.436140][ T5299] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1041.461293][T21473] hsr_slave_0: entered promiscuous mode [ 1041.491727][T21473] hsr_slave_1: entered promiscuous mode [ 1041.509649][T21473] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1041.531321][T21473] Cannot create hsr debugfs directory [ 1041.586238][ T5299] usb 2-1: Using ep0 maxpacket: 8 [ 1041.600738][ T5299] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1041.611805][ T5299] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1041.644534][ T5299] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 1041.692888][ T5299] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1041.736527][ T5299] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1041.771620][ T5299] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1041.786063][ T5299] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1041.819785][ T5299] usb 2-1: Product: syz [ 1041.828590][ T5299] usb 2-1: Manufacturer: syz [ 1041.839229][ T5299] usb 2-1: SerialNumber: syz [ 1041.853110][ T5299] usb 2-1: config 0 descriptor?? [ 1042.046196][ T5233] Bluetooth: hci4: command tx timeout [ 1042.086145][T15594] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1042.099496][ T5299] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 1042.115982][ T5299] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 1042.246309][T15594] usb 3-1: Using ep0 maxpacket: 8 [ 1042.263683][T15594] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1042.289853][ T5299] radio-si470x 2-1:0.0: software version 0, hardware version 0 [ 1042.292986][T15594] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 1042.312019][ T5299] radio-si470x 2-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 1042.318443][T15594] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 1042.329706][ T5299] radio-si470x 2-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 1042.344999][T15594] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1042.375085][T15594] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1042.442066][T15594] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1042.455724][T15594] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1042.463975][T15594] usb 3-1: Product: syz [ 1042.468344][T15594] usb 3-1: Manufacturer: syz [ 1042.473000][T15594] usb 3-1: SerialNumber: syz [ 1042.484714][T15594] usb 3-1: config 0 descriptor?? [ 1042.489984][ T5299] radio-si470x 2-1:0.0: submitting int urb failed (-90) [ 1042.596125][T13690] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 1042.723864][T15594] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 1042.738174][T13690] usb 5-1: device descriptor read/64, error -71 [ 1042.739844][T15594] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 1042.864867][T21473] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1042.891497][T21473] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1042.915181][T21473] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1042.938113][T15594] radio-si470x 3-1:0.0: software version 0, hardware version 0 [ 1042.942564][T21473] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1042.961816][T15594] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 1042.989900][T13690] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 1042.994992][T15594] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 1043.138357][T15594] radio-si470x 3-1:0.0: submitting int urb failed (-90) [ 1043.149442][T13690] usb 5-1: device descriptor read/64, error -71 [ 1043.205653][T21473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1043.254462][T21473] 8021q: adding VLAN 0 to HW filter on device team0 [ 1043.262387][T13690] usb usb5-port1: attempt power cycle [ 1043.298433][ T2513] bridge0: port 1(bridge_slave_0) entered blocking state [ 1043.305761][ T2513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1043.314517][ T5299] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 1043.333732][ T5299] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22 [ 1043.344363][ T2513] bridge0: port 2(bridge_slave_1) entered blocking state [ 1043.344472][ T2513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1043.468189][ T9] usb 1-1: new high-speed USB device number 121 using dummy_hcd [ 1043.488187][T21473] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1043.543043][T21473] veth0_vlan: entered promiscuous mode [ 1043.556895][T21473] veth1_vlan: entered promiscuous mode [ 1043.588191][ T5299] usb 2-1: USB disconnect, device number 80 [ 1043.636515][T13690] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 1043.649340][T21473] veth0_macvtap: entered promiscuous mode [ 1043.661975][T21473] veth1_macvtap: entered promiscuous mode [ 1043.668878][T13690] usb 5-1: device descriptor read/8, error -71 [ 1043.692122][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.698276][ T9] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 1043.703140][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.722142][ T9] usb 1-1: config 0 has no interface number 0 [ 1043.731987][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.738493][ T9] usb 1-1: New USB device found, idVendor=0451, idProduct=8140, bcdDevice=70.51 [ 1043.752457][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.762722][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1043.773796][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.775947][ T9] usb 1-1: Product: syz [ 1043.786787][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.800477][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.813001][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.822004][ T9] usb 1-1: Manufacturer: syz [ 1043.823229][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.838256][ T9] usb 1-1: SerialNumber: syz [ 1043.853634][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.859609][ T9] usb 1-1: config 0 descriptor?? [ 1043.873519][ T9] hub 1-1:0.21: bad descriptor, ignoring hub [ 1043.877279][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1043.890057][ T9] hub 1-1:0.21: probe with driver hub failed with error -5 [ 1043.908275][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1043.926666][T13690] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 1043.947012][T21473] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1043.965321][T13690] usb 5-1: device descriptor read/8, error -71 [ 1043.981493][T15594] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 1043.989765][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.008054][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.015545][T15594] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22 [ 1044.025343][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.044979][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.055146][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.066719][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.080447][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.103084][T13690] usb usb5-port1: unable to enumerate USB device [ 1044.116763][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.127385][ T5233] Bluetooth: hci3: command 0x0c1a tx timeout [ 1044.127393][ T5237] Bluetooth: hci4: command tx timeout [ 1044.164203][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.196636][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.209553][ T5305] usb 1-1: USB disconnect, device number 121 [ 1044.246077][T21473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1044.266064][T21473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1044.294074][T21473] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1044.309977][T21619] FAULT_INJECTION: forcing a failure. [ 1044.309977][T21619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1044.314156][ T9] usb 3-1: USB disconnect, device number 4 [ 1044.336907][T21473] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.359722][T21473] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.384094][T21473] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.402152][T21619] CPU: 1 UID: 0 PID: 21619 Comm: syz.1.3519 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1044.412650][T21619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1044.422760][T21619] Call Trace: [ 1044.426080][T21619] [ 1044.429054][T21619] dump_stack_lvl+0x241/0x360 [ 1044.433799][T21619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1044.439068][T21619] ? __pfx__printk+0x10/0x10 [ 1044.443896][T21619] ? __pfx_lock_release+0x10/0x10 [ 1044.448993][T21619] should_fail_ex+0x3b0/0x4e0 [ 1044.453740][T21619] _copy_from_user+0x2f/0xe0 [ 1044.458386][T21619] copy_msghdr_from_user+0xae/0x680 [ 1044.463654][T21619] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1044.469633][T21619] __sys_sendmsg+0x22d/0x380 [ 1044.474298][T21619] ? __pfx___sys_sendmsg+0x10/0x10 [ 1044.479494][T21619] ? __pfx_vfs_write+0x10/0x10 [ 1044.484356][T21619] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1044.490763][T21619] ? do_syscall_64+0x100/0x230 [ 1044.495602][T21619] ? do_syscall_64+0xb6/0x230 [ 1044.500360][T21619] do_syscall_64+0xf3/0x230 [ 1044.505018][T21619] ? clear_bhb_loop+0x35/0x90 [ 1044.509760][T21619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.515714][T21619] RIP: 0033:0x7f467837def9 [ 1044.520172][T21619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1044.539826][T21619] RSP: 002b:00007f4679097038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1044.548382][T21619] RAX: ffffffffffffffda RBX: 00007f4678535f80 RCX: 00007f467837def9 [ 1044.556615][T21619] RDX: 0000000000000000 RSI: 0000000020000f00 RDI: 0000000000000003 [ 1044.564650][T21619] RBP: 00007f4679097090 R08: 0000000000000000 R09: 0000000000000000 [ 1044.572755][T21619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1044.580778][T21619] R13: 0000000000000000 R14: 00007f4678535f80 R15: 00007f467865fa28 [ 1044.589090][T21619] [ 1044.593137][T21473] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1044.705760][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 1044.705781][ T29] audit: type=1326 audit(1727163041.995:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1044.800873][ T3054] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.818703][ T29] audit: type=1326 audit(1727163042.035:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1044.858956][ T3054] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1044.874501][ T29] audit: type=1326 audit(1727163042.035:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1044.897719][ T29] audit: type=1326 audit(1727163042.035:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1044.973280][T14242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.992092][ T29] audit: type=1326 audit(1727163042.035:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.011302][T14242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1045.014372][ C0] vkms_vblank_simulate: vblank timer overrun [ 1045.015476][ T29] audit: type=1326 audit(1727163042.035:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.051052][ T29] audit: type=1326 audit(1727163042.035:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.073694][ T29] audit: type=1326 audit(1727163042.035:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.096050][ C0] vkms_vblank_simulate: vblank timer overrun [ 1045.102750][ T29] audit: type=1326 audit(1727163042.035:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.125775][ T29] audit: type=1326 audit(1727163042.035:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21628 comm="syz.1.3520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f467837def9 code=0x7ffc0000 [ 1045.148123][ C0] vkms_vblank_simulate: vblank timer overrun [ 1045.744760][T21658] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1046.026410][T13690] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 1046.170983][T21675] syz.1.3528 (21675): drop_caches: 2 [ 1046.226376][T13690] usb 4-1: config 0 has an invalid interface number: 82 but max is 0 [ 1046.235269][T13690] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1046.276894][T13690] usb 4-1: config 0 has no interface number 0 [ 1046.283062][T13690] usb 4-1: config 0 interface 82 altsetting 0 has an endpoint descriptor with address 0x68, changing to 0x8 [ 1046.351142][T13690] usb 4-1: config 0 interface 82 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1046.363962][T21690] fuse: Bad value for 'user_id' [ 1046.376947][T21690] fuse: Bad value for 'user_id' [ 1046.399339][T13690] usb 4-1: config 0 interface 82 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1046.442461][T21694] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3535'. [ 1046.468120][T13690] usb 4-1: New USB device found, idVendor=0506, idProduct=11f8, bcdDevice=b6.28 [ 1046.496348][T13690] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1046.525108][T13690] usb 4-1: Product: syz [ 1046.545513][T13690] usb 4-1: Manufacturer: syz [ 1046.562601][T13690] usb 4-1: SerialNumber: syz [ 1046.584305][T13690] usb 4-1: config 0 descriptor?? [ 1046.691923][T21706] FAULT_INJECTION: forcing a failure. [ 1046.691923][T21706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1046.712408][T21706] CPU: 0 UID: 0 PID: 21706 Comm: syz.1.3536 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1046.722898][T21706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1046.733096][T21706] Call Trace: [ 1046.736500][T21706] [ 1046.739470][T21706] dump_stack_lvl+0x241/0x360 [ 1046.744210][T21706] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1046.749516][T21706] ? __pfx__printk+0x10/0x10 [ 1046.754171][T21706] ? snprintf+0xda/0x120 [ 1046.758462][T21706] should_fail_ex+0x3b0/0x4e0 [ 1046.763195][T21706] _copy_to_user+0x2f/0xb0 [ 1046.767657][T21706] simple_read_from_buffer+0xca/0x150 [ 1046.773098][T21706] proc_fail_nth_read+0x1e9/0x250 [ 1046.778177][T21706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1046.783766][T21706] ? rw_verify_area+0x55e/0x6f0 [ 1046.788719][T21706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1046.794312][T21706] vfs_read+0x201/0xbc0 [ 1046.798510][T21706] ? __pfx_lock_release+0x10/0x10 [ 1046.803574][T21706] ? __pfx_vfs_read+0x10/0x10 [ 1046.808299][T21706] ? __fget_files+0x3f3/0x470 [ 1046.813040][T21706] ? fdget_pos+0x24e/0x320 [ 1046.817537][T21706] ksys_read+0x183/0x2b0 [ 1046.821832][T21706] ? __pfx_ksys_read+0x10/0x10 [ 1046.826647][T21706] ? do_syscall_64+0x100/0x230 [ 1046.831461][T21706] ? do_syscall_64+0xb6/0x230 [ 1046.836198][T21706] do_syscall_64+0xf3/0x230 [ 1046.840749][T21706] ? clear_bhb_loop+0x35/0x90 [ 1046.845465][T21706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1046.851404][T21706] RIP: 0033:0x7f467837c93c [ 1046.855843][T21706] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1046.875492][T21706] RSP: 002b:00007f4677dff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1046.883955][T21706] RAX: ffffffffffffffda RBX: 00007f4678536058 RCX: 00007f467837c93c [ 1046.891962][T21706] RDX: 000000000000000f RSI: 00007f4677dff0a0 RDI: 0000000000000005 [ 1046.899965][T21706] RBP: 00007f4677dff090 R08: 0000000000000000 R09: 0000000000000000 [ 1046.908478][T21706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1046.916496][T21706] R13: 0000000000000000 R14: 00007f4678536058 R15: 00007f467865fa28 [ 1046.924508][T21706] [ 1046.927639][ C0] vkms_vblank_simulate: vblank timer overrun [ 1047.039230][T13690] kaweth 4-1:0.82: Firmware present in device. [ 1047.174932][T21695] syz.2.3534 (21695): drop_caches: 2 [ 1047.222905][T13690] kaweth 4-1:0.82: Error reading configuration (-71), no net device created [ 1047.269129][T13690] kaweth 4-1:0.82: probe with driver kaweth failed with error -5 [ 1047.298339][T13690] usb 4-1: USB disconnect, device number 50 [ 1047.631296][T21727] tipc: Enabling of bearer rejected, failed to enable media [ 1048.139852][T21754] netlink: 176 bytes leftover after parsing attributes in process `syz.0.3548'. [ 1048.216362][T21757] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3550'. [ 1048.347643][T21755] syz.3.3547 (21755): drop_caches: 2 [ 1048.536115][ T1171] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 1048.733142][ T1171] usb 5-1: Using ep0 maxpacket: 32 [ 1048.798812][ T1171] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 1048.841771][ T1171] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.899968][ T1171] usb 5-1: config 0 descriptor?? [ 1048.948305][ T1171] as10x_usb: device has been detected [ 1048.965195][ T1171] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 1049.040753][ T1171] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 1049.057961][T21782] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(10) [ 1049.064640][T21782] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1049.098909][T21782] vhci_hcd vhci_hcd.0: Device attached [ 1049.183945][ T1171] as10x_usb: error during firmware upload part1 [ 1049.251842][ T1171] Registered device nBox DVB-T Dongle [ 1049.256906][ T1171] usb 5-1: USB disconnect, device number 124 [ 1049.356083][ T8] usb 15-1: new high-speed USB device number 2 using vhci_hcd [ 1049.365248][ T1171] Unregistered device nBox DVB-T Dongle [ 1049.375736][ T1171] as10x_usb: device has been disconnected [ 1049.560114][T21785] vhci_hcd: connection reset by peer [ 1049.592486][ T3054] vhci_hcd: stop threads [ 1049.605224][ T3054] vhci_hcd: release socket [ 1049.630330][ T3054] vhci_hcd: disconnect device [ 1049.746085][ T1171] usb 5-1: new high-speed USB device number 125 using dummy_hcd [ 1049.883313][ T1845] IPVS: starting estimator thread 0... [ 1049.916028][ T1171] usb 5-1: Using ep0 maxpacket: 32 [ 1049.928161][ T1171] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 1049.960976][ T1171] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1049.986199][T21809] IPVS: using max 18 ests per chain, 43200 per kthread [ 1050.000088][ T1171] usb 5-1: config 0 descriptor?? [ 1050.041017][ T1171] as10x_usb: device has been detected [ 1050.066365][ T1171] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 1050.104380][ T1171] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 1050.143411][ T1171] as10x_usb: error during firmware upload part1 [ 1050.150811][ T1171] Registered device nBox DVB-T Dongle [ 1050.736531][T15594] usb 2-1: new full-speed USB device number 81 using dummy_hcd [ 1050.856268][ T1845] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1050.910027][T15594] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1050.932334][T15594] usb 2-1: not running at top speed; connect to a high speed hub [ 1050.948211][T15594] usb 2-1: config 1 has an invalid interface number: 226 but max is 0 [ 1050.962487][T15594] usb 2-1: config 1 has no interface number 0 [ 1050.970885][T15594] usb 2-1: config 1 interface 226 has no altsetting 0 [ 1050.981111][T15594] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice=8e.3d [ 1051.002668][T15594] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.022257][T15594] usb 2-1: Product: syz [ 1051.029456][T15594] usb 2-1: Manufacturer: syz [ 1051.030620][ T1845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.034287][T15594] usb 2-1: SerialNumber: syz [ 1051.082843][ T1845] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1051.102641][ T1845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1051.122305][ T1845] usb 4-1: config 0 descriptor?? [ 1051.139396][ T1845] pwc: Askey VC010 type 2 USB webcam detected. [ 1051.336344][T21836] netlink: 'syz.2.3568': attribute type 4 has an invalid length. [ 1051.349837][ T1845] pwc: send_video_command error -71 [ 1051.390486][ T1845] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 1051.412012][ T1845] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 1051.444958][ T1845] usb 4-1: USB disconnect, device number 51 [ 1051.636079][ T51] usb 1-1: new high-speed USB device number 122 using dummy_hcd [ 1051.745060][ T1845] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1051.787549][ T51] usb 1-1: Using ep0 maxpacket: 32 [ 1051.820306][ T1171] usb 5-1: USB disconnect, device number 125 [ 1051.827707][ T51] usb 1-1: config 0 has an invalid interface number: 37 but max is 1 [ 1051.835843][ T51] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.863843][ T51] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1051.880593][ T51] usb 1-1: config 0 has no interface number 0 [ 1051.891222][ T51] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3 [ 1051.903681][ T51] usb 1-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1051.912413][ T1845] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.937447][ T1171] Unregistered device nBox DVB-T Dongle [ 1051.941321][ T51] usb 1-1: Product: syz [ 1051.942853][ T1171] as10x_usb: device has been disconnected [ 1051.947525][ T1845] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1051.982410][ T51] usb 1-1: Manufacturer: syz [ 1051.996187][ T51] usb 1-1: SerialNumber: syz [ 1052.016535][ T51] usb 1-1: config 0 descriptor?? [ 1052.028124][ T1845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1052.065051][T15594] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.226/input/input88 [ 1052.097341][ T1845] usb 4-1: config 0 descriptor?? [ 1052.117908][ T1845] pwc: Askey VC010 type 2 USB webcam detected. [ 1052.120004][ T4667] bcm5974 2-1:1.226: could not read from device [ 1052.183381][T15594] usb 2-1: USB disconnect, device number 81 [ 1052.193619][ T4667] bcm5974 2-1:1.226: could not read from device [ 1052.232700][T21838] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3569'. [ 1052.259768][T21838] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3569'. [ 1052.294806][ T5304] udevd[5304]: Error opening device "/dev/input/event4": No such file or directory [ 1052.321123][ T1845] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1052.324417][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.341139][ T51] usb 1-1: USB disconnect, device number 122 [ 1052.346085][ T5304] udevd[5304]: Unable to EVIOCGABS device "/dev/input/event4" [ 1052.365817][ T5304] udevd[5304]: Unable to EVIOCGABS device "/dev/input/event4" [ 1052.400789][ T5304] udevd[5304]: Unable to EVIOCGABS device "/dev/input/event4" [ 1052.412683][ T5304] udevd[5304]: Unable to EVIOCGABS device "/dev/input/event4" [ 1052.577723][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.597275][ T1845] pwc: recv_control_msg error -71 req 02 val 2700 [ 1052.617904][T15594] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1052.619472][ T1845] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1052.637007][ T1845] pwc: recv_control_msg error -71 req 04 val 1000 [ 1052.637389][ T1845] pwc: recv_control_msg error -71 req 04 val 1300 [ 1052.678105][ T1845] pwc: recv_control_msg error -71 req 04 val 1400 [ 1052.691138][ T1845] pwc: recv_control_msg error -71 req 02 val 2000 [ 1052.698480][ T1845] pwc: recv_control_msg error -71 req 02 val 2100 [ 1052.705400][ T1845] pwc: recv_control_msg error -71 req 04 val 1500 [ 1052.728399][T13690] usb 5-1: new high-speed USB device number 126 using dummy_hcd [ 1052.748322][ T1845] pwc: recv_control_msg error -71 req 02 val 2500 [ 1052.767788][ T1845] pwc: recv_control_msg error -71 req 02 val 2400 [ 1052.775427][ T1845] pwc: recv_control_msg error -71 req 02 val 2600 [ 1052.782743][ T1845] pwc: recv_control_msg error -71 req 02 val 2900 [ 1052.791249][ T1845] pwc: recv_control_msg error -71 req 02 val 2800 [ 1052.801119][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.819503][ T5233] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1052.831465][ T5233] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1052.840842][ T5233] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1052.850779][ T5233] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1052.861511][ T5233] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1052.869057][ T5233] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1052.869452][ T1845] pwc: recv_control_msg error -71 req 04 val 1100 [ 1052.878149][T15594] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1052.887807][ T1845] pwc: recv_control_msg error -71 req 04 val 1200 [ 1052.903563][T15594] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1052.916085][T13690] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1052.918285][T15594] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1052.939682][T13690] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1052.949473][T15594] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1052.960184][ T1845] pwc: Registered as video71. [ 1052.996105][T21845] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1053.012691][ T1845] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input89 [ 1053.026139][T13690] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1053.036873][T13690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1053.049192][ T1845] usb 4-1: USB disconnect, device number 52 [ 1053.068685][T21848] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1053.117107][T13690] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1053.180102][ T12] team0: Port device netdevsim0 removed [ 1053.213218][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1053.217636][T15594] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1053.337455][T15594] usb 5-1: USB disconnect, device number 126 [ 1053.430528][ T9] usb 2-1: USB disconnect, device number 82 [ 1053.505168][T21862] syzkaller0: entered promiscuous mode [ 1053.513955][T21862] syzkaller0: entered allmulticast mode [ 1054.241919][T21876] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 1054.248572][T21876] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1054.258761][ T9] usb 5-1: new high-speed USB device number 127 using dummy_hcd [ 1054.279197][T21876] vhci_hcd vhci_hcd.0: Device attached [ 1054.300965][T21879] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 1054.307547][T21879] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1054.316201][T21879] vhci_hcd vhci_hcd.0: Device attached [ 1054.363954][T21880] vhci_hcd: connection closed [ 1054.364299][ T3054] vhci_hcd: stop threads [ 1054.374233][T21877] vhci_hcd: connection closed [ 1054.385443][ T3054] vhci_hcd: release socket [ 1054.407363][ T3054] vhci_hcd: disconnect device [ 1054.425995][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1054.431429][ T3054] vhci_hcd: stop threads [ 1054.437720][ T3054] vhci_hcd: release socket [ 1054.443863][ T3054] vhci_hcd: disconnect device [ 1054.458774][ T9] usb 5-1: config 0 has no interfaces? [ 1054.466740][T15594] vhci_hcd: vhci_device speed not set [ 1054.486537][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1054.495941][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1054.504472][ T9] usb 5-1: Product: syz [ 1054.517131][ T9] usb 5-1: Manufacturer: syz [ 1054.521973][ T9] usb 5-1: SerialNumber: syz [ 1054.536435][ T8] vhci_hcd: vhci_device speed not set [ 1054.547535][ T9] usb 5-1: config 0 descriptor?? [ 1054.612301][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.618917][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.007563][ T5233] Bluetooth: hci0: command tx timeout [ 1055.126138][ T1171] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1055.309337][ T1171] usb 2-1: Using ep0 maxpacket: 32 [ 1055.321536][ T1171] usb 2-1: config 0 has an invalid interface number: 37 but max is 1 [ 1055.338410][ T1171] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1055.358181][ T1171] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1055.375148][ T1171] usb 2-1: config 0 has no interface number 0 [ 1055.383550][ T1171] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=20.a3 [ 1055.392954][ T1171] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1055.403049][ T1171] usb 2-1: Product: syz [ 1055.413202][ T1171] usb 2-1: Manufacturer: syz [ 1055.428643][ T1171] usb 2-1: SerialNumber: syz [ 1055.437862][ T1171] usb 2-1: config 0 descriptor?? [ 1055.659396][T21893] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3587'. [ 1055.668891][T21893] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3587'. [ 1056.848441][T13690] usb 2-1: USB disconnect, device number 83 [ 1056.981776][ T8] usb 5-1: USB disconnect, device number 127 [ 1057.086465][ T5233] Bluetooth: hci0: command tx timeout [ 1057.181035][ T12] bridge_slave_1: left allmulticast mode [ 1057.203456][ T12] bridge_slave_1: left promiscuous mode [ 1057.216191][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.279058][T21902] syz.0.3589 (21902): drop_caches: 2 [ 1057.306448][ T12] bridge_slave_0: left allmulticast mode [ 1057.321558][ T12] bridge_slave_0: left promiscuous mode [ 1057.333069][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.707762][ T1845] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1057.875439][ T1845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1057.904517][ T1845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1057.951404][ T1845] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1057.978768][ T1845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1058.002545][ T1845] usb 2-1: config 0 descriptor?? [ 1058.135464][T21924] syz.0.3597 (21924): drop_caches: 2 [ 1058.326290][T15594] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1058.427644][ T12] bond0 (unregistering): left promiscuous mode [ 1058.433867][ T12] bond_slave_0: left promiscuous mode [ 1058.441591][T21910] input: syz1 as /devices/virtual/input/input90 [ 1058.474200][ T12] bond_slave_1: left promiscuous mode [ 1058.516298][T15594] usb 5-1: Using ep0 maxpacket: 16 [ 1058.542370][T15594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1058.569408][T15594] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1058.591277][T15594] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1058.613597][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1058.633868][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1058.654336][ T12] bond0 (unregistering): Released all slaves [ 1058.657084][T15594] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1058.670510][T15594] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1058.741820][T15594] usb 5-1: config 0 descriptor?? [ 1059.068297][ T12] batman_adv: batadv0: Removing interface: wlan1 [ 1059.109574][ T1845] uclogic 0003:256C:006D.0034: failed retrieving string descriptor #200: -71 [ 1059.126471][ T1845] uclogic 0003:256C:006D.0034: failed retrieving pen parameters: -71 [ 1059.148809][ T1845] uclogic 0003:256C:006D.0034: failed probing pen v2 parameters: -71 [ 1059.166387][ T5233] Bluetooth: hci0: command tx timeout [ 1059.177578][T21858] chnl_net:caif_netlink_parms(): no params data found [ 1059.194996][ T1845] uclogic 0003:256C:006D.0034: failed probing parameters: -71 [ 1059.207392][ T1845] uclogic 0003:256C:006D.0034: probe with driver uclogic failed with error -71 [ 1059.223423][ T1845] usb 2-1: USB disconnect, device number 84 [ 1059.346557][ T1171] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1059.396228][T13690] usb 1-1: new high-speed USB device number 123 using dummy_hcd [ 1059.462999][ T12] hsr_slave_0: left promiscuous mode [ 1059.478330][T21927] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3598'. [ 1059.495516][T21927] openvswitch: netlink: Missing key (keys=400040, expected=200000) [ 1059.507597][T21927] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.3598'. [ 1059.517109][T21927] openvswitch: netlink: Actions may not be safe on all matching packets [ 1059.527156][ T1171] usb 4-1: Using ep0 maxpacket: 32 [ 1059.532959][ T12] hsr_slave_1: left promiscuous mode [ 1059.535814][ T1171] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1059.549015][ T1171] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1059.562256][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1059.565430][ T1171] usb 4-1: config 0 descriptor?? [ 1059.580418][ T1171] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1059.596179][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1059.626455][T13690] usb 1-1: Using ep0 maxpacket: 8 [ 1059.643815][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1059.663526][T13690] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 1059.685712][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1059.693235][T13690] usb 1-1: config 179 has no interface number 0 [ 1059.722503][T13690] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1059.823930][T13690] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1059.860743][ T12] veth1_macvtap: left promiscuous mode [ 1059.880178][ T12] veth0_macvtap: left promiscuous mode [ 1059.892492][T13690] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1059.903965][ T12] veth1_vlan: left promiscuous mode [ 1059.920430][ T12] veth0_vlan: left promiscuous mode [ 1059.926060][T13690] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1059.945762][T13690] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1059.994252][T13690] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1060.041993][T13690] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1060.098629][ T1171] gspca_sunplus: reg_w_riv err -110 [ 1060.106610][T21935] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1060.139695][ T1171] sunplus 4-1:0.0: probe with driver sunplus failed with error -110 [ 1060.412829][T13690] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input91 [ 1060.610828][T13690] usb 1-1: USB disconnect, device number 123 [ 1060.617064][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1060.617109][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1060.718651][T13690] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1061.100925][T15594] usbhid 5-1:0.0: can't add hid device: -71 [ 1061.144770][T15594] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1061.176382][ T1171] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1061.208417][T15594] usb 5-1: USB disconnect, device number 2 [ 1061.252092][ T5233] Bluetooth: hci0: command tx timeout [ 1061.362618][T21962] FAULT_INJECTION: forcing a failure. [ 1061.362618][T21962] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1061.396390][ T1171] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1061.413624][T21962] CPU: 1 UID: 0 PID: 21962 Comm: syz.4.3602 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1061.424110][T21962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1061.434276][T21962] Call Trace: [ 1061.437567][T21962] [ 1061.440500][T21962] dump_stack_lvl+0x241/0x360 [ 1061.445200][T21962] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1061.450439][T21962] ? __pfx__printk+0x10/0x10 [ 1061.455130][T21962] ? snprintf+0xda/0x120 [ 1061.457263][ T1171] usb 2-1: New USB device found, idVendor=0499, idProduct=1058, bcdDevice=31.95 [ 1061.459400][T21962] should_fail_ex+0x3b0/0x4e0 [ 1061.459443][T21962] _copy_to_user+0x2f/0xb0 [ 1061.470075][ T1171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.473221][T21962] simple_read_from_buffer+0xca/0x150 [ 1061.473270][T21962] proc_fail_nth_read+0x1e9/0x250 [ 1061.487294][ T1171] usb 2-1: config 0 descriptor?? [ 1061.491041][T21962] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1061.491090][T21962] ? rw_verify_area+0x55e/0x6f0 [ 1061.491123][T21962] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1061.491164][T21962] vfs_read+0x201/0xbc0 [ 1061.491195][T21962] ? __pfx_lock_release+0x10/0x10 [ 1061.491236][T21962] ? __pfx_vfs_read+0x10/0x10 [ 1061.491275][T21962] ? __fget_files+0x3f3/0x470 [ 1061.491308][T21962] ? fdget_pos+0x24e/0x320 [ 1061.491336][T21962] ksys_read+0x183/0x2b0 [ 1061.491372][T21962] ? __pfx_ksys_read+0x10/0x10 [ 1061.491407][T21962] ? do_syscall_64+0x100/0x230 [ 1061.491445][T21962] ? do_syscall_64+0xb6/0x230 [ 1061.491482][T21962] do_syscall_64+0xf3/0x230 [ 1061.491525][T21962] ? clear_bhb_loop+0x35/0x90 [ 1061.502020][ T1171] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1061.507543][T21962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1061.507585][T21962] RIP: 0033:0x7fb45197c93c [ 1061.507608][T21962] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1061.507628][T21962] RSP: 002b:00007fb45274e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1061.507655][T21962] RAX: ffffffffffffffda RBX: 00007fb451b36058 RCX: 00007fb45197c93c [ 1061.507673][T21962] RDX: 000000000000000f RSI: 00007fb45274e0a0 RDI: 0000000000000004 [ 1061.507696][T21962] RBP: 00007fb45274e090 R08: 0000000000000000 R09: 0000000000000000 [ 1061.507712][T21962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1061.507727][T21962] R13: 0000000000000001 R14: 00007fb451b36058 R15: 00007fb451c5fa28 [ 1061.507759][T21962] [ 1061.746249][ T8] usb 1-1: new high-speed USB device number 124 using dummy_hcd [ 1061.866878][ T1171] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1061.879527][ T1171] usb 2-1: USB disconnect, device number 85 [ 1061.936034][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 1062.013264][ T8] usb 1-1: config 0 has an invalid interface number: 107 but max is 0 [ 1062.021660][ T8] usb 1-1: config 0 has no interface number 0 [ 1062.062262][ T8] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 1062.078885][ T8] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1062.092797][ T8] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 1062.103013][ T8] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 1062.111745][ T8] usb 1-1: Product: syz [ 1062.117109][ T8] usb 1-1: Manufacturer: syz [ 1062.121867][ T8] usb 1-1: SerialNumber: syz [ 1062.129466][ T8] usb 1-1: config 0 descriptor?? [ 1062.149476][ T8] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected [ 1062.157525][ T8] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81 [ 1062.167334][ T8] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1 [ 1062.177306][ T8] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 1062.190560][ T8] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2 [ 1062.200137][ T8] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 1062.211837][ T8] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4 [ 1062.221761][ T8] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 1062.232812][ T8] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 6 [ 1062.242696][ T8] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 1062.342230][T21961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1062.363517][T21961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1062.388279][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1062.392475][T13690] usb 1-1: USB disconnect, device number 124 [ 1062.420666][T13690] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 1062.452585][T13690] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 1062.473967][T13690] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 1062.495251][T13690] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 1062.509785][T13690] keyspan 1-1:0.107: device disconnected [ 1062.550233][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1063.313736][T21945] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3599'. [ 1063.401840][T21858] bridge0: port 1(bridge_slave_0) entered blocking state [ 1063.424382][T21858] bridge0: port 1(bridge_slave_0) entered disabled state [ 1063.434791][T21858] bridge_slave_0: entered allmulticast mode [ 1063.456411][T13690] usb 1-1: new high-speed USB device number 125 using dummy_hcd [ 1063.484421][T21858] bridge_slave_0: entered promiscuous mode [ 1063.498024][T21858] bridge0: port 2(bridge_slave_1) entered blocking state [ 1063.505343][T21858] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.531241][T21858] bridge_slave_1: entered allmulticast mode [ 1063.548849][T21858] bridge_slave_1: entered promiscuous mode [ 1063.589266][ T1845] usb 4-1: USB disconnect, device number 53 [ 1063.660429][T13690] usb 1-1: Using ep0 maxpacket: 16 [ 1063.679536][T21858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1063.689396][T13690] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 1063.698125][T13690] usb 1-1: config 0 has no interface number 0 [ 1063.704411][T13690] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1063.720364][T21858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1063.751456][T13690] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1063.773327][T13690] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.798400][T13690] usb 1-1: Product: syz [ 1063.809922][T13690] usb 1-1: Manufacturer: syz [ 1063.832417][T13690] usb 1-1: SerialNumber: syz [ 1063.862020][T21858] team0: Port device team_slave_0 added [ 1063.869352][T13690] usb 1-1: config 0 descriptor?? [ 1063.883052][T21858] team0: Port device team_slave_1 added [ 1063.973447][T21858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1064.013884][T21858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1064.052209][T21858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1064.114908][T21858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1064.159758][T21858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1064.215659][T21858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1064.341243][T21858] hsr_slave_0: entered promiscuous mode [ 1064.359770][T21858] hsr_slave_1: entered promiscuous mode [ 1064.374861][T21858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1064.382798][T21858] Cannot create hsr debugfs directory [ 1064.426437][ T1845] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1064.496221][T13690] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.214/input/input92 [ 1064.566014][ T1845] usb 4-1: device descriptor read/64, error -71 [ 1064.716470][T13690] usb 1-1: USB disconnect, device number 125 [ 1064.826290][ T1845] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1064.976061][ T1845] usb 4-1: device descriptor read/64, error -71 [ 1065.066132][T20943] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1065.117201][ T1845] usb usb4-port1: attempt power cycle [ 1065.246324][T13690] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1065.291085][T20943] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1065.316979][T20943] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1065.343501][T20943] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1065.376002][T20943] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1065.384567][T20943] usb 5-1: SerialNumber: syz [ 1065.426830][T13690] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1065.452585][T13690] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1065.461987][ T1845] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1065.482544][T13690] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1065.504732][ T1845] usb 4-1: device descriptor read/8, error -71 [ 1065.516496][T13690] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1065.524762][T13690] usb 2-1: SerialNumber: syz [ 1065.651029][T20943] usb 5-1: 0:2 : does not exist [ 1065.700154][T20943] usb 5-1: USB disconnect, device number 3 [ 1065.747337][ T1845] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1065.760106][T13690] usb 2-1: 0:2 : does not exist [ 1065.765082][T13690] usb 2-1: unit 5 not found! [ 1065.789258][ T5229] udevd[5229]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1065.827275][ T1845] usb 4-1: device descriptor read/8, error -71 [ 1065.836697][T13690] usb 2-1: USB disconnect, device number 86 [ 1065.914856][ T5304] udevd[5304]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1065.936466][ T1845] usb usb4-port1: unable to enumerate USB device [ 1066.082465][T21858] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1066.103700][T21858] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1066.121910][T21858] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1066.140428][T21858] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1066.402002][T21858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1066.459714][T21858] 8021q: adding VLAN 0 to HW filter on device team0 [ 1066.492306][T14242] bridge0: port 1(bridge_slave_0) entered blocking state [ 1066.499628][T14242] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1066.564412][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.571730][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1066.745723][T21858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1066.837375][T21858] veth0_vlan: entered promiscuous mode [ 1066.870444][T21858] veth1_vlan: entered promiscuous mode [ 1066.946704][T13690] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1066.947517][T21858] veth0_macvtap: entered promiscuous mode [ 1066.994296][T21858] veth1_macvtap: entered promiscuous mode [ 1067.010892][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.021935][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.032169][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.042810][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.052793][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.063456][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.073452][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.084210][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.094654][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.105293][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.115228][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1067.126226][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.137983][T21858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1067.148252][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.158237][T13690] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1067.159120][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.178494][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.186682][T13690] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1067.189286][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.207738][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.218528][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.229692][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.240837][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.251512][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.256036][T13690] usb 5-1: Product: syz [ 1067.262136][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.276171][T21858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1067.286125][T13690] usb 5-1: Manufacturer: syz [ 1067.287120][T21858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1067.291291][T13690] usb 5-1: SerialNumber: syz [ 1067.307386][T21858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1067.318615][T13690] usb 5-1: config 0 descriptor?? [ 1067.478573][T21858] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1067.488196][T21858] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1067.497088][T21858] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1067.505840][T21858] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1067.532263][T22043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1067.586570][T22043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.603271][T22043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1067.620655][T22043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.693668][ T2564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1067.702559][ T2564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1067.778109][T22043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1067.797984][ T2531] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1067.807680][ T2531] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1067.876479][ T5305] usb 4-1: new full-speed USB device number 58 using dummy_hcd [ 1067.907313][T22043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.951247][T22043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.016151][T22043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1068.026167][ T5305] usb 4-1: device descriptor read/64, error -71 [ 1068.043372][T22043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1068.146221][T22043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1068.298670][T13690] usb 5-1: Firmware: major: 0, minor: 248, hardware type: ATUSB (0) [ 1068.340651][ T1171] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1068.536293][ T1171] usb 2-1: Using ep0 maxpacket: 32 [ 1068.545654][ T1171] usb 2-1: config 148 has an invalid interface number: 223 but max is 0 [ 1068.595244][ T1171] usb 2-1: config 148 has an invalid descriptor of length 57, skipping remainder of the config [ 1068.665692][ T1171] usb 2-1: config 148 has no interface number 0 [ 1068.705172][ T1171] usb 2-1: config 148 interface 223 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1068.765764][ T1171] usb 2-1: config 148 interface 223 has no altsetting 0 [ 1068.803951][ T1171] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=27.b4 [ 1068.834078][ T1171] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1068.883130][ T1171] usb 2-1: Product: syz [ 1068.908122][ T1171] usb 2-1: Manufacturer: syz [ 1068.936929][ T1171] usb 2-1: SerialNumber: syz [ 1073.209609][T20943] usb 1-1: new high-speed USB device number 126 using dummy_hcd [ 1075.076131][ T1171] peak_usb 2-1:148.223 can0: unable to request usb[type=0 value=1] err=-32 [ 1075.084982][ T1171] peak_usb 2-1:148.223: unable to read PCAN-USB X6 firmware info (err -32) [ 1077.426263][T13690] usb 5-1: failed to fetch extended address, random address set [ 1082.715176][ T0] sched: DL replenish lagged too much [ 1096.470687][ T1171] peak_usb 2-1:148.223: probe with driver peak_usb failed with error -32 [ 1096.631639][ T1171] usb 2-1: USB disconnect, device number 87 [ 1096.956117][ T1171] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1102.266073][ T1171] usb 2-1: device descriptor read/64, error -110 [ 1102.566285][ T1171] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1102.726146][ T1171] usb 2-1: device descriptor read/64, error -32 [ 1102.839972][ T1171] usb usb2-port1: attempt power cycle [ 1103.216172][ T1171] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1103.249078][ T1171] usb 2-1: device descriptor read/8, error -32 [ 1103.382117][ T1171] raw-gadget.0 gadget.1: failed to queue suspend event [ 1103.401090][ T1171] raw-gadget.0 gadget.1: failed to queue reset event [ 1103.478253][ T1171] raw-gadget.0 gadget.1: failed to queue resume event [ 1103.554181][ T1171] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1103.596218][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 1103.603428][ T1171] usb 2-1: device descriptor read/8, error -32 [ 1103.725241][ T1171] raw-gadget.0 gadget.1: failed to queue suspend event [ 1103.743376][ T1171] usb usb2-port1: unable to enumerate USB device [ 1116.048693][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.055068][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 1127.739768][ T4682] udevd[4682]: worker [5229] /devices/platform/dummy_hcd.4/usb5/5-1 is taking a long time [ 1130.771021][T22166] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1130.785325][T22166] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1130.799698][T22166] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1130.809497][T22166] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1130.820594][T22168] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1130.830056][T22166] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1130.842906][T22168] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1130.851037][T22166] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1130.862333][T22168] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1130.870502][T22166] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1130.880744][T22168] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1130.888776][T22166] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1130.903966][T22168] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1130.913335][T22169] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1130.925552][T22168] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1130.933505][T22169] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1130.944525][T22168] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1130.955480][T22169] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1130.965402][T22168] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1130.972930][T22169] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1130.985459][T22168] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1130.992895][T22168] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1131.000350][T22169] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1131.010319][T22169] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1131.019633][T22168] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1131.029369][T22169] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1131.045285][T22169] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1131.123408][T20766] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1131.133555][T22168] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1131.141433][T22168] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1133.086231][T22165] Bluetooth: hci8: command tx timeout [ 1133.166230][T22165] Bluetooth: hci5: command tx timeout [ 1133.254449][T20766] Bluetooth: hci9: command tx timeout [ 1133.260845][T22168] Bluetooth: hci7: command tx timeout [ 1133.275691][T22165] Bluetooth: hci6: command tx timeout [ 1135.170696][T22165] Bluetooth: hci8: command tx timeout [ 1135.247611][T22165] Bluetooth: hci5: command tx timeout [ 1135.334409][T22165] Bluetooth: hci6: command tx timeout [ 1135.345951][T20766] Bluetooth: hci9: command tx timeout [ 1135.351416][T20766] Bluetooth: hci7: command tx timeout [ 1137.252261][T20766] Bluetooth: hci8: command tx timeout [ 1137.326856][T20766] Bluetooth: hci5: command tx timeout [ 1137.406343][T22165] Bluetooth: hci6: command tx timeout [ 1137.411834][T22165] Bluetooth: hci9: command tx timeout [ 1137.419000][T20766] Bluetooth: hci7: command tx timeout [ 1139.326167][T20766] Bluetooth: hci8: command tx timeout [ 1139.406212][T20766] Bluetooth: hci5: command tx timeout [ 1139.487726][T22168] Bluetooth: hci6: command tx timeout [ 1139.493341][T22165] Bluetooth: hci9: command tx timeout [ 1139.503954][T20766] Bluetooth: hci7: command tx timeout [ 1152.817515][T22165] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1152.833960][T22165] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1152.854158][T22165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1152.870804][T22165] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1152.878743][T22165] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1152.886919][T22165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1153.075937][T20766] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1153.111833][T20766] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1153.121450][T20766] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1153.131170][T20766] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1153.140208][T20766] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1153.149015][T20766] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1153.248886][T22165] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1153.261192][T22165] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1153.271366][T22165] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1153.281099][T22165] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1153.290871][T22165] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1153.302002][T22165] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1153.338241][T20766] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1153.358784][T20766] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1153.370351][T20766] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1153.380485][T20766] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1153.392659][T20766] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1153.400960][T20766] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1153.644467][T22165] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1153.661790][T22168] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1153.670370][T22168] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1153.680987][T22168] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1153.689043][T22168] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1153.697001][T22168] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1154.018282][T22190] chnl_net:caif_netlink_parms(): no params data found [ 1154.224384][T22190] bridge0: port 1(bridge_slave_0) entered blocking state [ 1154.236033][T22190] bridge0: port 1(bridge_slave_0) entered disabled state [ 1154.243421][T22190] bridge_slave_0: entered allmulticast mode [ 1154.261126][T22190] bridge_slave_0: entered promiscuous mode [ 1154.284657][T22190] bridge0: port 2(bridge_slave_1) entered blocking state [ 1154.296556][T22190] bridge0: port 2(bridge_slave_1) entered disabled state [ 1154.303867][T22190] bridge_slave_1: entered allmulticast mode [ 1154.321169][T22190] bridge_slave_1: entered promiscuous mode [ 1154.461072][T22190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1154.490082][T22190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1154.657143][T22190] team0: Port device team_slave_0 added [ 1154.681319][T22190] team0: Port device team_slave_1 added [ 1154.843748][T22190] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1154.861090][T22190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1154.898454][T22190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1154.923083][T22190] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1154.936858][T22190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1154.975151][T22190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1155.014664][T22168] Bluetooth: hci0: command tx timeout [ 1155.178729][T22190] hsr_slave_0: entered promiscuous mode [ 1155.197523][T22190] hsr_slave_1: entered promiscuous mode [ 1155.208786][T22190] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1155.224173][T22190] Cannot create hsr debugfs directory [ 1155.256439][T22168] Bluetooth: hci1: command tx timeout [ 1155.406307][T22168] Bluetooth: hci2: command tx timeout [ 1155.486408][T22168] Bluetooth: hci3: command tx timeout [ 1155.727082][T22168] Bluetooth: hci4: command tx timeout [ 1155.753813][T22190] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1157.096503][T20766] Bluetooth: hci0: command tx timeout [ 1157.326106][T20766] Bluetooth: hci1: command tx timeout [ 1157.486390][T20766] Bluetooth: hci2: command tx timeout [ 1157.566039][T20766] Bluetooth: hci3: command tx timeout [ 1157.806133][T20766] Bluetooth: hci4: command tx timeout [ 1159.166285][T20766] Bluetooth: hci0: command tx timeout [ 1159.406112][T20766] Bluetooth: hci1: command tx timeout [ 1159.566432][T20766] Bluetooth: hci2: command tx timeout [ 1159.646171][T22168] Bluetooth: hci3: command tx timeout [ 1159.886157][T22168] Bluetooth: hci4: command tx timeout [ 1161.246257][T22168] Bluetooth: hci0: command tx timeout [ 1161.486406][T22168] Bluetooth: hci1: command tx timeout [ 1161.646215][T22168] Bluetooth: hci2: command tx timeout [ 1161.728475][T22168] Bluetooth: hci3: command tx timeout [ 1161.966180][T22168] Bluetooth: hci4: command tx timeout [ 1176.895322][T22190] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.490463][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.512170][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 1213.653279][T20766] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1213.665351][T20766] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1213.674297][T20766] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1213.683237][T20766] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1213.707015][T20766] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1213.720690][T20766] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1213.771558][T20766] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1213.794682][T20766] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1213.804192][T20766] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1213.812879][T20766] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1213.822071][T20766] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1213.830514][T20766] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1213.956531][T22168] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1213.981388][T22168] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1213.991893][T22168] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1214.000945][T22168] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1214.016443][T22168] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1214.023983][T22168] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1214.124767][T20766] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1214.138702][T20766] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1214.150526][T20766] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1214.178347][T20766] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1214.196004][T20766] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1214.203551][T20766] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1214.382674][T22168] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1214.399248][T22168] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1214.409435][T22168] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1214.418027][T22168] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1214.427253][T22168] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 1214.437888][T22168] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1215.807339][T20766] Bluetooth: hci10: command tx timeout [ 1215.886375][T20766] Bluetooth: hci11: command tx timeout [ 1216.126284][T20766] Bluetooth: hci12: command tx timeout [ 1216.286315][T20766] Bluetooth: hci13: command tx timeout [ 1216.526149][T20766] Bluetooth: hci14: command tx timeout [ 1217.886822][T20766] Bluetooth: hci10: command tx timeout [ 1217.966194][T20766] Bluetooth: hci11: command tx timeout [ 1218.206188][T20766] Bluetooth: hci12: command tx timeout [ 1218.366276][T20766] Bluetooth: hci13: command tx timeout [ 1218.606882][T20766] Bluetooth: hci14: command tx timeout [ 1219.966152][T20766] Bluetooth: hci10: command tx timeout [ 1220.046316][T20766] Bluetooth: hci11: command tx timeout [ 1220.286308][T20766] Bluetooth: hci12: command tx timeout [ 1220.446305][T20766] Bluetooth: hci13: command tx timeout [ 1220.686015][T20766] Bluetooth: hci14: command tx timeout [ 1222.046304][T20766] Bluetooth: hci10: command tx timeout [ 1222.129492][T20766] Bluetooth: hci11: command tx timeout [ 1222.366279][T20766] Bluetooth: hci12: command tx timeout [ 1222.526289][T20766] Bluetooth: hci13: command tx timeout [ 1222.766012][T20766] Bluetooth: hci14: command tx timeout [ 1238.929347][ T1266] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.935705][ T1266] ieee802154 phy1 wpan1: encryption failed: -22 [ 1250.410355][ T4682] udevd[4682]: worker [5229] /devices/platform/dummy_hcd.4/usb5/5-1 timeout; kill it [ 1250.456722][ T4682] udevd[4682]: seq 57769 '/devices/platform/dummy_hcd.4/usb5/5-1' killed [ 1250.661940][ T4682] udevd[4682]: worker [5229] terminated by signal 9 (Killed) [ 1250.679348][ T4682] udevd[4682]: worker [5229] failed while handling '/devices/platform/dummy_hcd.4/usb5/5-1' [ 1256.382393][T20766] Bluetooth: hci7: command 0x0406 tx timeout [ 1256.398077][T22168] Bluetooth: hci6: command 0x0406 tx timeout [ 1256.404160][T22168] Bluetooth: hci8: command 0x0406 tx timeout [ 1256.414786][ T5233] Bluetooth: hci5: command 0x0406 tx timeout [ 1256.441747][T20766] Bluetooth: hci9: command 0x0406 tx timeout [ 1275.356450][T22215] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1275.396012][T22215] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1275.411130][T22215] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1275.431086][T22215] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1275.439818][T22215] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 1275.447836][T22215] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1275.586525][T22166] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 1275.600532][T22166] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 1275.613252][T22166] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 1275.622463][T22166] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 1275.630646][T22166] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 1275.638416][T22166] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 1275.824836][T22215] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 1275.843551][T20766] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 1275.853892][T20766] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 1275.866238][T20766] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 1275.874428][T20766] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 1275.882719][T20766] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 1275.896013][T20766] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 1275.904175][T20766] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 1275.916365][T20766] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 1275.927128][T22168] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 1275.935002][T20766] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 1275.943880][T20766] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 1276.084147][T20766] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 1276.106124][T20766] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 1276.115563][T20766] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 1276.130430][T20766] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 1276.138888][T20766] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3 [ 1276.151256][T20766] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 1276.879977][T22215] Bluetooth: hci0: command 0x0406 tx timeout [ 1276.886170][T20766] Bluetooth: hci1: command 0x0406 tx timeout [ 1276.892230][T20766] Bluetooth: hci2: command 0x0406 tx timeout [ 1276.906035][T22166] Bluetooth: hci3: command 0x0406 tx timeout [ 1276.912116][T22166] Bluetooth: hci4: command 0x0406 tx timeout [ 1277.566147][ T5237] Bluetooth: hci15: command tx timeout [ 1277.726214][ T5237] Bluetooth: hci16: command tx timeout [ 1278.046693][ T5237] Bluetooth: hci17: command tx timeout [ 1278.126236][ T5237] Bluetooth: hci18: command tx timeout [ 1278.206069][ T5237] Bluetooth: hci19: command tx timeout [ 1279.646074][ T5237] Bluetooth: hci15: command tx timeout [ 1279.806145][ T5237] Bluetooth: hci16: command tx timeout [ 1280.134677][ T5237] Bluetooth: hci17: command tx timeout [ 1280.206306][ T5237] Bluetooth: hci18: command tx timeout [ 1280.286219][ T5237] Bluetooth: hci19: command tx timeout [ 1281.726054][ T5237] Bluetooth: hci15: command tx timeout [ 1281.886134][ T5237] Bluetooth: hci16: command tx timeout [ 1282.206340][ T5237] Bluetooth: hci17: command tx timeout [ 1282.286326][ T5237] Bluetooth: hci18: command tx timeout [ 1282.376280][ T5237] Bluetooth: hci19: command tx timeout [ 1283.808339][ T5237] Bluetooth: hci15: command tx timeout [ 1283.966107][ T5237] Bluetooth: hci16: command tx timeout [ 1284.286444][ T5237] Bluetooth: hci17: command tx timeout [ 1284.366274][ T5237] Bluetooth: hci18: command tx timeout [ 1284.446081][ T5237] Bluetooth: hci19: command tx timeout [ 1287.566503][ T30] INFO: task kworker/0:2:1171 blocked for more than 143 seconds. [ 1287.574312][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1287.625993][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1287.664497][ T30] task:kworker/0:2 state:D stack:13752 pid:1171 tgid:1171 ppid:2 flags:0x00004000 [ 1287.704648][ T30] Workqueue: events_power_efficient reg_check_chans_work [ 1287.785977][ T30] Call Trace: [ 1287.789336][ T30] [ 1287.860004][ T30] __schedule+0x1895/0x4b30 [ 1287.864613][ T30] ? try_to_wake_up+0x971/0x1480 [ 1287.909609][ T30] ? schedule+0x90/0x320 [ 1287.913961][ T30] ? __pfx___schedule+0x10/0x10 [ 1287.963060][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1287.994017][ T30] ? __pfx_lock_release+0x10/0x10 [ 1288.025921][ T30] ? kick_pool+0x45c/0x620 [ 1288.046475][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1288.051765][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1288.084095][ T30] ? schedule+0x90/0x320 [ 1288.105862][ T30] schedule+0x14b/0x320 [ 1288.110220][ T30] schedule_preempt_disabled+0x13/0x30 [ 1288.133749][ T30] __mutex_lock+0x6a7/0xd70 [ 1288.143667][ T30] ? __mutex_lock+0x52a/0xd70 [ 1288.155413][ T30] ? reg_check_chans_work+0x99/0xfd0 [ 1288.164668][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1288.175981][ T30] ? process_scheduled_works+0x976/0x1850 [ 1288.181876][ T30] reg_check_chans_work+0x99/0xfd0 [ 1288.197475][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1288.203832][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1288.220282][ T30] ? __pfx_reg_check_chans_work+0x10/0x10 [ 1288.232135][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1288.245412][ T30] ? process_scheduled_works+0x976/0x1850 [ 1288.255997][ T30] process_scheduled_works+0xa63/0x1850 [ 1288.261656][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1288.278308][ T30] ? assign_work+0x364/0x3d0 [ 1288.283071][ T30] worker_thread+0x870/0xd30 [ 1288.296322][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1288.302299][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1288.318881][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1288.324398][ T30] kthread+0x2f0/0x390 [ 1288.336209][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1288.341395][ T30] ? __pfx_kthread+0x10/0x10 [ 1288.355851][ T30] ret_from_fork+0x4b/0x80 [ 1288.360358][ T30] ? __pfx_kthread+0x10/0x10 [ 1288.364995][ T30] ret_from_fork_asm+0x1a/0x30 [ 1288.380484][ T30] [ 1288.383678][ T30] INFO: task kworker/u8:6:2513 blocked for more than 144 seconds. [ 1288.396472][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1288.403812][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1288.424716][ T30] task:kworker/u8:6 state:D stack:18968 pid:2513 tgid:2513 ppid:2 flags:0x00004000 [ 1288.437000][ T30] Workqueue: events_unbound linkwatch_event [ 1288.442984][ T30] Call Trace: [ 1288.471220][ T30] [ 1288.474226][ T30] __schedule+0x1895/0x4b30 [ 1288.486912][ T30] ? __pfx___schedule+0x10/0x10 [ 1288.491846][ T30] ? __pfx_lock_release+0x10/0x10 [ 1288.506164][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1288.512806][ T30] ? kthread_data+0x52/0xd0 [ 1288.526367][ T30] ? schedule+0x90/0x320 [ 1288.531091][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1288.545851][ T30] ? schedule+0x90/0x320 [ 1288.550174][ T30] schedule+0x14b/0x320 [ 1288.554382][ T30] schedule_preempt_disabled+0x13/0x30 [ 1288.570140][ T30] __mutex_lock+0x6a7/0xd70 [ 1288.574747][ T30] ? __mutex_lock+0x52a/0xd70 [ 1288.586805][ T30] ? linkwatch_event+0xe/0x60 [ 1288.591588][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1288.606295][ T30] ? process_scheduled_works+0x976/0x1850 [ 1288.613868][ T30] linkwatch_event+0xe/0x60 [ 1288.626684][ T30] process_scheduled_works+0xa63/0x1850 [ 1288.632349][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1288.647654][ T30] ? assign_work+0x364/0x3d0 [ 1288.652341][ T30] worker_thread+0x870/0xd30 [ 1288.664597][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1288.672988][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1288.687424][ T30] kthread+0x2f0/0x390 [ 1288.691591][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1288.705605][ T30] ? __pfx_kthread+0x10/0x10 [ 1288.710931][ T30] ret_from_fork+0x4b/0x80 [ 1288.717755][ T30] ? __pfx_kthread+0x10/0x10 [ 1288.722407][ T30] ret_from_fork_asm+0x1a/0x30 [ 1288.735893][ T30] [ 1288.740998][ T30] INFO: task syz-executor:21473 blocked for more than 144 seconds. [ 1288.755963][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1288.763303][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1288.782132][ T30] task:syz-executor state:D stack:20992 pid:21473 tgid:21473 ppid:1 flags:0x00004006 [ 1288.796128][ T30] Call Trace: [ 1288.799465][ T30] [ 1288.802433][ T30] __schedule+0x1895/0x4b30 [ 1288.820053][ T30] ? __pfx___schedule+0x10/0x10 [ 1288.825008][ T30] ? __pfx_lock_release+0x10/0x10 [ 1288.836399][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1288.841941][ T30] ? schedule+0x90/0x320 [ 1288.857032][ T30] schedule+0x14b/0x320 [ 1288.861360][ T30] schedule_preempt_disabled+0x13/0x30 [ 1288.875921][ T30] __mutex_lock+0x6a7/0xd70 [ 1288.880514][ T30] ? __mutex_lock+0x52a/0xd70 [ 1288.885246][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1288.900230][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1288.905346][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1288.916321][ T30] tun_chr_close+0x3b/0x1b0 [ 1288.922812][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1288.940099][ T30] __fput+0x23f/0x880 [ 1288.944175][ T30] task_work_run+0x24f/0x310 [ 1288.954172][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1288.964561][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1288.974856][ T30] ? do_exit+0xa2a/0x28e0 [ 1288.985175][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1288.995904][ T30] ? do_exit+0xa2a/0x28e0 [ 1289.000322][ T30] do_exit+0xa2f/0x28e0 [ 1289.004530][ T30] ? __pfx_do_exit+0x10/0x10 [ 1289.019894][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1289.033877][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1289.052232][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1289.062695][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1289.074279][ T30] do_group_exit+0x207/0x2c0 [ 1289.083601][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1289.095932][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1289.101226][ T30] get_signal+0x176f/0x1810 [ 1289.115256][ T30] ? __pfx_get_signal+0x10/0x10 [ 1289.120577][ T30] ? __pfx_vfs_read+0x10/0x10 [ 1289.126898][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1289.132521][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1289.147221][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1289.153310][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1289.173354][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1289.185911][ T30] do_syscall_64+0x100/0x230 [ 1289.190590][ T30] ? clear_bhb_loop+0x35/0x90 [ 1289.195332][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.212322][ T30] RIP: 0033:0x7f963117c93c [ 1289.222011][ T30] RSP: 002b:00007f963145fd90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1289.235820][ T30] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f963117c93c [ 1289.243866][ T30] RDX: 0000000000000028 RSI: 00007f963145fe40 RDI: 00000000000000f9 [ 1289.270382][ T30] RBP: 00007f963145fdec R08: 0000000000000000 R09: 0079746972756365 [ 1289.286014][ T30] R10: 00007f96313087e0 R11: 0000000000000246 R12: 000055555ea175eb [ 1289.294066][ T30] R13: 000055555ea17590 R14: 0000000000106c4c R15: 00007f963145fe40 [ 1289.312012][ T30] [ 1289.315114][ T30] INFO: task syz.1.3640:22136 blocked for more than 145 seconds. [ 1289.327020][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1289.335640][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1289.353787][ T30] task:syz.1.3640 state:D stack:22160 pid:22136 tgid:22135 ppid:20768 flags:0x00004006 [ 1289.366228][ T30] Call Trace: [ 1289.369563][ T30] [ 1289.372713][ T30] __schedule+0x1895/0x4b30 [ 1289.391974][ T30] ? __pfx___schedule+0x10/0x10 [ 1289.403433][ T30] ? __pfx_lock_release+0x10/0x10 [ 1289.411581][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1289.426558][ T30] ? schedule+0x90/0x320 [ 1289.431742][ T30] schedule+0x14b/0x320 [ 1289.446308][ T30] schedule_preempt_disabled+0x13/0x30 [ 1289.451863][ T30] __mutex_lock+0x6a7/0xd70 [ 1289.465535][ T30] ? __mutex_lock+0x52a/0xd70 [ 1289.472462][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1289.496328][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1289.501469][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1289.515997][ T30] tun_chr_close+0x3b/0x1b0 [ 1289.520777][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1289.535878][ T30] __fput+0x23f/0x880 [ 1289.539971][ T30] task_work_run+0x24f/0x310 [ 1289.544612][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1289.559240][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1289.564453][ T30] ? do_exit+0xa2a/0x28e0 [ 1289.578138][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1289.583268][ T30] ? do_exit+0xa2a/0x28e0 [ 1289.598585][ T30] do_exit+0xa2f/0x28e0 [ 1289.602840][ T30] ? __pfx_do_exit+0x10/0x10 [ 1289.617674][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1289.623972][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1289.640498][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1289.653865][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1289.664074][ T30] do_group_exit+0x207/0x2c0 [ 1289.673868][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1289.684306][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1289.695216][ T30] get_signal+0x176f/0x1810 [ 1289.705935][ T30] ? __pfx_get_signal+0x10/0x10 [ 1289.710883][ T30] ? do_futex+0x33b/0x560 [ 1289.715278][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1289.732348][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1289.745957][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1289.752072][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1289.767497][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1289.773246][ T30] do_syscall_64+0x100/0x230 [ 1289.785385][ T30] ? clear_bhb_loop+0x35/0x90 [ 1289.794375][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.806120][ T30] RIP: 0033:0x7f467837def9 [ 1289.810629][ T30] RSP: 002b:00007f46790970e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1289.829447][ T30] RAX: fffffffffffffe00 RBX: 00007f4678535f88 RCX: 00007f467837def9 [ 1289.846226][ T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f4678535f88 [ 1289.854369][ T30] RBP: 00007f4678535f80 R08: 0000000000000000 R09: 0000000000000000 [ 1289.872120][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4678535f8c [ 1289.884173][ T30] R13: 0000000000000000 R14: 00007f467865f940 R15: 00007f467865fa28 [ 1289.895831][ T30] [ 1289.903806][ T30] INFO: task syz-executor:22172 blocked for more than 145 seconds. [ 1289.923670][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1289.932729][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1289.947256][ T30] task:syz-executor state:D stack:26736 pid:22172 tgid:22172 ppid:1 flags:0x00004006 [ 1289.968489][ T30] Call Trace: [ 1289.971841][ T30] [ 1289.974808][ T30] __schedule+0x1895/0x4b30 [ 1289.986445][ T30] ? __pfx___schedule+0x10/0x10 [ 1289.991383][ T30] ? __pfx_lock_release+0x10/0x10 [ 1290.007189][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1290.012742][ T30] ? schedule+0x90/0x320 [ 1290.025986][ T30] schedule+0x14b/0x320 [ 1290.030258][ T30] schedule_preempt_disabled+0x13/0x30 [ 1290.039501][ T30] __mutex_lock+0x6a7/0xd70 [ 1290.044111][ T30] ? __mutex_lock+0x52a/0xd70 [ 1290.059164][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1290.065422][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1290.076232][ T30] ? __asan_memset+0x23/0x50 [ 1290.080915][ T30] register_nexthop_notifier+0x84/0x290 [ 1290.097837][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1290.103738][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1290.116355][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1290.122657][ T30] ? __asan_memset+0x23/0x50 [ 1290.141307][ T30] ops_init+0x31e/0x590 [ 1290.145565][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1290.155956][ T30] setup_net+0x287/0x9e0 [ 1290.160317][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1290.177464][ T30] ? __pfx_setup_net+0x10/0x10 [ 1290.182433][ T30] copy_net_ns+0x33f/0x570 [ 1290.195966][ T30] create_new_namespaces+0x425/0x7b0 [ 1290.201422][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1290.216286][ T30] ksys_unshare+0x619/0xc10 [ 1290.220905][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1290.237990][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1290.244087][ T30] ? do_syscall_64+0x100/0x230 [ 1290.255940][ T30] __x64_sys_unshare+0x38/0x40 [ 1290.260987][ T30] do_syscall_64+0xf3/0x230 [ 1290.265580][ T30] ? clear_bhb_loop+0x35/0x90 [ 1290.285017][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1290.295835][ T30] RIP: 0033:0x7ff22817f6f7 [ 1290.300602][ T30] RSP: 002b:00007ff22845ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1290.320470][ T30] RAX: ffffffffffffffda RBX: 00007ff2281f22ec RCX: 00007ff22817f6f7 [ 1290.335032][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1290.345826][ T30] RBP: 0000000000000000 R08: 00007ff228e67d60 R09: 0000000000000000 [ 1290.365585][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1290.385138][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1290.395078][ T30] [ 1290.407457][ T30] INFO: task syz-executor:22173 blocked for more than 146 seconds. [ 1290.415520][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1290.432504][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1290.444475][ T30] task:syz-executor state:D stack:26512 pid:22173 tgid:22173 ppid:1 flags:0x00004006 [ 1290.468836][ T30] Call Trace: [ 1290.472610][ T30] [ 1290.475633][ T30] __schedule+0x1895/0x4b30 [ 1290.486859][ T30] ? __pfx___schedule+0x10/0x10 [ 1290.491910][ T30] ? __pfx_lock_release+0x10/0x10 [ 1290.509521][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1290.515177][ T30] ? schedule+0x90/0x320 [ 1290.534635][ T30] schedule+0x14b/0x320 [ 1290.547622][ T30] schedule_preempt_disabled+0x13/0x30 [ 1290.553182][ T30] __mutex_lock+0x6a7/0xd70 [ 1290.565933][ T30] ? __mutex_lock+0x52a/0xd70 [ 1290.570803][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1290.587420][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1290.592568][ T30] ? __asan_memset+0x23/0x50 [ 1290.606275][ T30] register_nexthop_notifier+0x84/0x290 [ 1290.612023][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1290.635914][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1290.642373][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1290.657450][ T30] ? __asan_memset+0x23/0x50 [ 1290.664869][ T30] ops_init+0x31e/0x590 [ 1290.678163][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1290.683639][ T30] setup_net+0x287/0x9e0 [ 1290.698042][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1290.703686][ T30] ? __pfx_setup_net+0x10/0x10 [ 1290.715909][ T30] copy_net_ns+0x33f/0x570 [ 1290.720427][ T30] create_new_namespaces+0x425/0x7b0 [ 1290.737567][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1290.743383][ T30] ksys_unshare+0x619/0xc10 [ 1290.757128][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1290.763499][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1290.781000][ T30] ? do_syscall_64+0x100/0x230 [ 1290.792148][ T30] __x64_sys_unshare+0x38/0x40 [ 1290.801401][ T30] do_syscall_64+0xf3/0x230 [ 1290.812227][ T30] ? clear_bhb_loop+0x35/0x90 [ 1290.822100][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1290.834291][ T30] RIP: 0033:0x7fa17df7f6f7 [ 1290.844055][ T30] RSP: 002b:00007fa17e25ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1290.860288][ T30] RAX: ffffffffffffffda RBX: 00007fa17dff22ec RCX: 00007fa17df7f6f7 [ 1290.874552][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1290.888114][ T30] RBP: 0000000000000000 R08: 00007fa17ec67d60 R09: 0000000000000000 [ 1290.903643][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1290.915835][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1290.923898][ T30] [ 1290.937252][ T30] INFO: task syz-executor:22174 blocked for more than 146 seconds. [ 1290.955878][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1290.963225][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1290.982443][ T30] task:syz-executor state:D stack:26736 pid:22174 tgid:22174 ppid:1 flags:0x00004004 [ 1290.996958][ T30] Call Trace: [ 1291.000299][ T30] [ 1291.003269][ T30] __schedule+0x1895/0x4b30 [ 1291.018468][ T30] ? __pfx___schedule+0x10/0x10 [ 1291.023415][ T30] ? __pfx_lock_release+0x10/0x10 [ 1291.035911][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1291.041474][ T30] ? schedule+0x90/0x320 [ 1291.057246][ T30] schedule+0x14b/0x320 [ 1291.061579][ T30] schedule_preempt_disabled+0x13/0x30 [ 1291.075850][ T30] __mutex_lock+0x6a7/0xd70 [ 1291.080457][ T30] ? __mutex_lock+0x52a/0xd70 [ 1291.096179][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1291.102029][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1291.116324][ T30] ? __asan_memset+0x23/0x50 [ 1291.121009][ T30] register_nexthop_notifier+0x84/0x290 [ 1291.137520][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1291.143419][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1291.159533][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1291.173556][ T30] ? __asan_memset+0x23/0x50 [ 1291.184559][ T30] ops_init+0x31e/0x590 [ 1291.191991][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1291.204857][ T30] setup_net+0x287/0x9e0 [ 1291.213321][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1291.225935][ T30] ? __pfx_setup_net+0x10/0x10 [ 1291.230809][ T30] copy_net_ns+0x33f/0x570 [ 1291.235288][ T30] create_new_namespaces+0x425/0x7b0 [ 1291.250445][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1291.267686][ T30] ksys_unshare+0x619/0xc10 [ 1291.272302][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1291.285898][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1291.296441][ T30] ? do_syscall_64+0x100/0x230 [ 1291.301303][ T30] __x64_sys_unshare+0x38/0x40 [ 1291.316489][ T30] do_syscall_64+0xf3/0x230 [ 1291.321115][ T30] ? clear_bhb_loop+0x35/0x90 [ 1291.335968][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.341972][ T30] RIP: 0033:0x7f53fef7f6f7 [ 1291.357582][ T30] RSP: 002b:00007f53ff25ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1291.375148][ T30] RAX: ffffffffffffffda RBX: 00007f53feff22ec RCX: 00007f53fef7f6f7 [ 1291.385020][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1291.405092][ T30] RBP: 0000000000000000 R08: 00007f53ffc67d60 R09: 0000000000000000 [ 1291.425184][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1291.434978][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1291.452903][ T30] [ 1291.456671][ T30] INFO: task syz-executor:22175 blocked for more than 147 seconds. [ 1291.464622][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1291.490219][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1291.511972][ T30] task:syz-executor state:D stack:26512 pid:22175 tgid:22175 ppid:1 flags:0x00004004 [ 1291.533366][ T30] Call Trace: [ 1291.537145][ T30] [ 1291.540130][ T30] __schedule+0x1895/0x4b30 [ 1291.544710][ T30] ? __pfx___schedule+0x10/0x10 [ 1291.559757][ T30] ? __pfx_lock_release+0x10/0x10 [ 1291.564876][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1291.585859][ T30] ? schedule+0x90/0x320 [ 1291.590190][ T30] schedule+0x14b/0x320 [ 1291.594420][ T30] schedule_preempt_disabled+0x13/0x30 [ 1291.612760][ T30] __mutex_lock+0x6a7/0xd70 [ 1291.625699][ T30] ? __mutex_lock+0x52a/0xd70 [ 1291.635479][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1291.646253][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1291.651380][ T30] ? __asan_memset+0x23/0x50 [ 1291.667351][ T30] register_nexthop_notifier+0x84/0x290 [ 1291.673084][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1291.689033][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1291.695380][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1291.714021][ T30] ? __asan_memset+0x23/0x50 [ 1291.721529][ T30] ops_init+0x31e/0x590 [ 1291.735957][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1291.741441][ T30] setup_net+0x287/0x9e0 [ 1291.745749][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1291.761661][ T30] ? __pfx_setup_net+0x10/0x10 [ 1291.775917][ T30] copy_net_ns+0x33f/0x570 [ 1291.780435][ T30] create_new_namespaces+0x425/0x7b0 [ 1291.787758][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1291.793603][ T30] ksys_unshare+0x619/0xc10 [ 1291.809733][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1291.814847][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1291.825864][ T30] ? do_syscall_64+0x100/0x230 [ 1291.830732][ T30] __x64_sys_unshare+0x38/0x40 [ 1291.835550][ T30] do_syscall_64+0xf3/0x230 [ 1291.853955][ T30] ? clear_bhb_loop+0x35/0x90 [ 1291.863879][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.874900][ T30] RIP: 0033:0x7fea6877f6f7 [ 1291.885702][ T30] RSP: 002b:00007fea68a5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1291.895754][ T30] RAX: ffffffffffffffda RBX: 00007fea687f22ec RCX: 00007fea6877f6f7 [ 1291.913839][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1291.932151][ T30] RBP: 0000000000000000 R08: 00007fea69467d60 R09: 0000000000000000 [ 1291.944133][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1291.957226][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1291.965298][ T30] [ 1291.979673][ T30] INFO: task syz-executor:22176 blocked for more than 147 seconds. [ 1291.991621][ T30] Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1292.005866][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1292.014587][ T30] task:syz-executor state:D stack:26512 pid:22176 tgid:22176 ppid:1 flags:0x00004004 [ 1292.036666][ T30] Call Trace: [ 1292.040012][ T30] [ 1292.042979][ T30] __schedule+0x1895/0x4b30 [ 1292.060427][ T30] ? __pfx___schedule+0x10/0x10 [ 1292.065370][ T30] ? __pfx_lock_release+0x10/0x10 [ 1292.079551][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1292.085098][ T30] ? schedule+0x90/0x320 [ 1292.093735][ T30] schedule+0x14b/0x320 [ 1292.106446][ T30] schedule_preempt_disabled+0x13/0x30 [ 1292.114903][ T30] __mutex_lock+0x6a7/0xd70 [ 1292.126222][ T30] ? __mutex_lock+0x52a/0xd70 [ 1292.130986][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1292.153892][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1292.159478][ T30] ? __asan_memset+0x23/0x50 [ 1292.164141][ T30] register_nexthop_notifier+0x84/0x290 [ 1292.181403][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1292.194788][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1292.205826][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1292.213088][ T30] ? __asan_memset+0x23/0x50 [ 1292.226405][ T30] ops_init+0x31e/0x590 [ 1292.230654][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1292.246678][ T30] setup_net+0x287/0x9e0 [ 1292.250999][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1292.266230][ T30] ? __pfx_setup_net+0x10/0x10 [ 1292.271089][ T30] copy_net_ns+0x33f/0x570 [ 1292.275563][ T30] create_new_namespaces+0x425/0x7b0 [ 1292.291805][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1292.306217][ T30] ksys_unshare+0x619/0xc10 [ 1292.310820][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1292.324999][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1292.333110][ T30] ? do_syscall_64+0x100/0x230 [ 1292.346105][ T30] __x64_sys_unshare+0x38/0x40 [ 1292.351037][ T30] do_syscall_64+0xf3/0x230 [ 1292.355685][ T30] ? clear_bhb_loop+0x35/0x90 [ 1292.370843][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1292.385906][ T30] RIP: 0033:0x7f083377f6f7 [ 1292.390442][ T30] RSP: 002b:00007f0833a5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1292.410438][ T30] RAX: ffffffffffffffda RBX: 00007f08337f22ec RCX: 00007f083377f6f7 [ 1292.425842][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1292.433882][ T30] RBP: 0000000000000000 R08: 00007f0834467d60 R09: 0000000000000000 [ 1292.451251][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1292.464488][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1292.480082][ T30] [ 1292.483182][ T30] [ 1292.483182][ T30] Showing all locks held in the system: [ 1292.496834][ T30] 1 lock held by khungtaskd/30: [ 1292.501741][ T30] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1292.523008][ T30] 7 locks held by kworker/1:1/51: [ 1292.534414][ T30] 3 locks held by kworker/u8:4/63: [ 1292.545897][ T30] #0: ffff88802df09948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1292.567042][ T30] #1: ffffc900015e7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1292.585859][ T30] #2: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 1292.595398][ T30] 3 locks held by kworker/0:2/1171: [ 1292.629029][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1292.654166][ T30] #1: ffffc900043cfd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1292.666520][ T30] #2: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 1292.686635][ T30] 3 locks held by kworker/1:2/1845: [ 1292.691986][ T30] 3 locks held by kworker/u8:6/2513: [ 1292.706466][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1292.730585][ T30] #1: ffffc90009227d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1292.748097][ T30] #2: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1292.771656][ T30] 4 locks held by kworker/u8:7/2531: [ 1292.783250][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1292.799291][ T30] #1: ffffc900092e7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1292.815813][ T30] #2: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 1292.825336][ T30] #3: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 [ 1292.844852][ T30] 2 locks held by dhcpcd/4896: [ 1292.851286][ T30] #0: ffff88802d68c6c8 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x790 [ 1292.871515][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x99/0x200 [ 1292.884682][ T30] 2 locks held by getty/4986: [ 1292.897373][ T30] #0: ffff8880322090a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1292.917937][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 1292.936455][ T30] 3 locks held by kworker/0:3/5281: [ 1292.941716][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1292.963968][ T30] #1: ffffc900041d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1292.976878][ T30] #2: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 1292.995849][ T30] 7 locks held by kworker/1:9/5305: [ 1293.001109][ T30] 5 locks held by kworker/1:3/13690: [ 1293.015711][ T30] 1 lock held by syz-executor/21473: [ 1293.023263][ T30] #0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1293.041490][ T30] 2 locks held by syz.4.3533/21688: [ 1293.051856][ T30] #0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1293.066060][ T30] #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 1293.088595][ T30] 1 lock held by syz-executor/21858: [ 1293.093940][ T30] #0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x7b2/0x1000 [ 1293.115832][ T30] 1 lock held by syz.1.3640/22136: [ 1293.122719][ T30] #0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1293.142517][ T30] 2 locks held by syz-executor/22172: [ 1293.148199][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.168357][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.190062][ T30] 2 locks held by syz-executor/22173: [ 1293.195508][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.211393][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.229390][ T30] 2 locks held by syz-executor/22174: [ 1293.234823][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.251339][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.267239][ T30] 2 locks held by syz-executor/22175: [ 1293.272678][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.291400][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.305816][ T30] 2 locks held by syz-executor/22176: [ 1293.311251][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.331805][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.361113][ T30] 1 lock held by syz-executor/22184: [ 1293.371670][ T30] #0: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x48c/0x2400 [ 1293.387817][ T30] 2 locks held by syz-executor/22188: [ 1293.393254][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.415820][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.435825][ T30] 2 locks held by syz-executor/22189: [ 1293.441266][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.464107][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.478230][ T30] 7 locks held by syz-executor/22190: [ 1293.483715][ T30] #0: ffff88807402c420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 [ 1293.501471][ T30] #1: ffff888030399c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 [ 1293.514703][ T30] #2: ffff88802724d968 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 [ 1293.535126][ T30] #3: ffffffff8f56d3e8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 1293.557513][ T30] #4: ffff8880252d30e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 1293.579605][ T30] #5: ffff8880252d2250 (&devlink->lock_key#70){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 1293.595879][ T30] #6: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 1293.604868][ T30] 2 locks held by syz-executor/22193: [ 1293.621289][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.641873][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.674616][ T30] 2 locks held by syz-executor/22207: [ 1293.683030][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.704044][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.716129][ T30] 2 locks held by syz-executor/22209: [ 1293.721557][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.745967][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.765993][ T30] 2 locks held by syz-executor/22210: [ 1293.771438][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.793873][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.808787][ T30] 2 locks held by syz-executor/22212: [ 1293.814220][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.835663][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.856572][ T30] 2 locks held by syz-executor/22214: [ 1293.862127][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.882879][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.894998][ T30] 2 locks held by syz-executor/22225: [ 1293.905811][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.915414][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.935563][ T30] 2 locks held by syz-executor/22227: [ 1293.943856][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1293.964060][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1293.979666][ T30] 2 locks held by syz-executor/22232: [ 1293.985188][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1294.003822][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1294.018426][ T30] 2 locks held by syz-executor/22233: [ 1294.023853][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1294.038926][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1294.062225][ T30] 2 locks held by syz-executor/22234: [ 1294.072741][ T30] #0: ffffffff8fcc1150 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1294.088476][ T30] #1: ffffffff8fccdc48 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1294.105955][ T30] [ 1294.108350][ T30] ============================================= [ 1294.108350][ T30] [ 1294.129307][ T30] NMI backtrace for cpu 0 [ 1294.133701][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1294.144069][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1294.154337][ T30] Call Trace: [ 1294.157738][ T30] [ 1294.160705][ T30] dump_stack_lvl+0x241/0x360 [ 1294.165442][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1294.170693][ T30] ? __pfx__printk+0x10/0x10 [ 1294.175344][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1294.180331][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1294.185839][ T30] ? _printk+0xd5/0x120 [ 1294.190131][ T30] ? __pfx__printk+0x10/0x10 [ 1294.194775][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1294.199672][ T30] ? __pfx__printk+0x10/0x10 [ 1294.204310][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1294.209382][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1294.215409][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1294.221435][ T30] watchdog+0xff4/0x1040 [ 1294.225726][ T30] ? watchdog+0x1ea/0x1040 [ 1294.230302][ T30] ? __pfx_watchdog+0x10/0x10 [ 1294.235019][ T30] kthread+0x2f0/0x390 [ 1294.239120][ T30] ? __pfx_watchdog+0x10/0x10 [ 1294.243843][ T30] ? __pfx_kthread+0x10/0x10 [ 1294.248467][ T30] ret_from_fork+0x4b/0x80 [ 1294.252930][ T30] ? __pfx_kthread+0x10/0x10 [ 1294.257557][ T30] ret_from_fork_asm+0x1a/0x30 [ 1294.262380][ T30] [ 1294.266524][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1294.271792][ C1] NMI backtrace for cpu 1 [ 1294.271807][ C1] CPU: 1 UID: 0 PID: 51 Comm: kworker/1:1 Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1294.271829][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1294.271842][ C1] Workqueue: events_power_efficient neigh_periodic_work [ 1294.271870][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x2d/0x90 [ 1294.271898][ C1] Code: fa 4c 8b 04 24 65 48 8b 14 25 c0 d7 03 00 65 8b 05 60 1f 6f 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 5b 83 ba 1c 16 00 00 00 <74> 52 8b 82 f8 15 00 00 83 f8 03 75 47 48 8b 8a 00 16 00 00 44 8b [ 1294.271914][ C1] RSP: 0018:ffffc90000a17b18 EFLAGS: 00000246 [ 1294.271930][ C1] RAX: 0000000000000100 RBX: 0000000000000001 RCX: 0000000080000101 [ 1294.271943][ C1] RDX: ffff8880206fbc00 RSI: 0000000000000001 RDI: 0000000000000000 [ 1294.271955][ C1] RBP: ffffc90000a17c90 R08: ffffffff8a3c6771 R09: 1ffffffff284bef8 [ 1294.271970][ C1] R10: dffffc0000000000 R11: fffffbfff284bef9 R12: ffff888024af7e30 [ 1294.271984][ C1] R13: ffff88814128fc20 R14: dffffc0000000000 R15: 00000000aa1414ac [ 1294.271999][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1294.272015][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1294.272028][ C1] CR2: 0000000020004000 CR3: 000000000e734000 CR4: 00000000003506f0 [ 1294.272045][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1294.272056][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1294.272068][ C1] Call Trace: [ 1294.272075][ C1] [ 1294.272084][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1294.272105][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1294.272133][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1294.272154][ C1] ? nmi_handle+0x2a/0x5a0 [ 1294.272180][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1294.272204][ C1] ? nmi_handle+0x14f/0x5a0 [ 1294.272222][ C1] ? nmi_handle+0x2a/0x5a0 [ 1294.272241][ C1] ? __sanitizer_cov_trace_const_cmp4+0x2d/0x90 [ 1294.272265][ C1] ? default_do_nmi+0x63/0x160 [ 1294.272286][ C1] ? exc_nmi+0x123/0x1f0 [ 1294.272307][ C1] ? end_repeat_nmi+0xf/0x53 [ 1294.272335][ C1] ? fib_table_lookup+0x151/0x1870 [ 1294.272356][ C1] ? __sanitizer_cov_trace_const_cmp4+0x2d/0x90 [ 1294.272380][ C1] ? __sanitizer_cov_trace_const_cmp4+0x2d/0x90 [ 1294.272411][ C1] ? __sanitizer_cov_trace_const_cmp4+0x2d/0x90 [ 1294.272434][ C1] [ 1294.272441][ C1] [ 1294.272447][ C1] fib_table_lookup+0x151/0x1870 [ 1294.272471][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1294.272501][ C1] ? __pfx_fib_table_lookup+0x10/0x10 [ 1294.272521][ C1] ? l3mdev_fib_table+0x18/0x160 [ 1294.272546][ C1] __inet_dev_addr_type+0x2d8/0x4f0 [ 1294.272568][ C1] ? __inet_dev_addr_type+0x152/0x4f0 [ 1294.272591][ C1] ? __pfx___inet_dev_addr_type+0x10/0x10 [ 1294.272612][ C1] ? NF_HOOK+0x29e/0x450 [ 1294.272632][ C1] ? __local_bh_enable_ip+0x1bb/0x200 [ 1294.272655][ C1] ? neigh_periodic_work+0xb35/0xd50 [ 1294.272687][ C1] ? process_scheduled_works+0xa63/0x1850 [ 1294.272710][ C1] ? kthread+0x2f0/0x390 [ 1294.272731][ C1] ? l3mdev_fib_table+0x14b/0x160 [ 1294.272772][ C1] ip_route_me_harder+0x3a5/0x1300 [ 1294.272800][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 1294.272823][ C1] ? trace_kmalloc+0x1f/0xd0 [ 1294.272846][ C1] ? __kmalloc_node_track_caller_noprof+0x242/0x440 [ 1294.272881][ C1] synproxy_send_tcp+0x356/0x6c0 [ 1294.272909][ C1] synproxy_send_client_synack+0x8b8/0xf30 [ 1294.272940][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 1294.272966][ C1] ? synproxy_pernet+0x45/0x270 [ 1294.272994][ C1] nft_synproxy_eval_v4+0x3ca/0x610 [ 1294.273022][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 1294.273048][ C1] ? nf_ip_checksum+0x13a/0x500 [ 1294.273077][ C1] nft_synproxy_do_eval+0x362/0xa60 [ 1294.273105][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1294.273129][ C1] ? ip_vs_conn_hashkey_param+0x3ad/0x6b0 [ 1294.273160][ C1] ? ip_vs_conn_out_get+0xba6/0xc00 [ 1294.273191][ C1] nft_do_chain+0x4ad/0x1da0 [ 1294.273219][ C1] ? tcp_conn_schedule+0x45e/0x880 [ 1294.273246][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 1294.273285][ C1] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 1294.273312][ C1] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 1294.273332][ C1] nft_do_chain_inet+0x418/0x6b0 [ 1294.273359][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1294.273392][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1294.273421][ C1] nf_hook_slow+0xc3/0x220 [ 1294.273443][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1294.273462][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1294.273482][ C1] NF_HOOK+0x29e/0x450 [ 1294.273501][ C1] ? NF_HOOK+0x9a/0x450 [ 1294.273519][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 1294.273538][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1294.273561][ C1] ? ip_rcv_finish+0x406/0x560 [ 1294.273581][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1294.273599][ C1] NF_HOOK+0x3a4/0x450 [ 1294.273616][ C1] ? __lock_acquire+0x1384/0x2050 [ 1294.273643][ C1] ? NF_HOOK+0x9a/0x450 [ 1294.273661][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 1294.273678][ C1] ? ip_rcv_core+0x801/0xd10 [ 1294.273697][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1294.273720][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 1294.273739][ C1] __netif_receive_skb+0x2bf/0x650 [ 1294.273761][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1294.273786][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 1294.273806][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1294.273832][ C1] ? __pfx_lock_release+0x10/0x10 [ 1294.273858][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1294.273888][ C1] process_backlog+0x662/0x15b0 [ 1294.273913][ C1] ? process_backlog+0x33b/0x15b0 [ 1294.273939][ C1] ? __pfx_process_backlog+0x10/0x10 [ 1294.273961][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1294.273988][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1294.274016][ C1] __napi_poll+0xcb/0x490 [ 1294.274038][ C1] net_rx_action+0x89b/0x1240 [ 1294.274070][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 1294.274095][ C1] ? sched_clock+0x4a/0x70 [ 1294.274124][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1294.274156][ C1] handle_softirqs+0x2c5/0x980 [ 1294.274182][ C1] ? do_softirq+0x11b/0x1e0 [ 1294.274205][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1294.274233][ C1] do_softirq+0x11b/0x1e0 [ 1294.274255][ C1] [ 1294.274261][ C1] [ 1294.274268][ C1] ? __pfx_do_softirq+0x10/0x10 [ 1294.274291][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1294.274319][ C1] ? rcu_is_watching+0x15/0xb0 [ 1294.274339][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 1294.274363][ C1] ? neigh_periodic_work+0xb35/0xd50 [ 1294.274384][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1294.274413][ C1] ? neigh_destroy+0x423/0x580 [ 1294.274436][ C1] neigh_periodic_work+0xb35/0xd50 [ 1294.274462][ C1] ? process_scheduled_works+0x976/0x1850 [ 1294.274486][ C1] process_scheduled_works+0xa63/0x1850 [ 1294.274524][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1294.274553][ C1] ? assign_work+0x364/0x3d0 [ 1294.274578][ C1] worker_thread+0x870/0xd30 [ 1294.274610][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1294.274637][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1294.274662][ C1] kthread+0x2f0/0x390 [ 1294.274678][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1294.274702][ C1] ? __pfx_kthread+0x10/0x10 [ 1294.274720][ C1] ret_from_fork+0x4b/0x80 [ 1294.274751][ C1] ? __pfx_kthread+0x10/0x10 [ 1294.274768][ C1] ret_from_fork_asm+0x1a/0x30 [ 1294.274815][ C1] [ 1295.049287][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1295.056209][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-09959-gabf2050f51fd #0 [ 1295.066405][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1295.076496][ T30] Call Trace: [ 1295.079805][ T30] [ 1295.082852][ T30] dump_stack_lvl+0x241/0x360 [ 1295.087584][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1295.092831][ T30] ? __pfx__printk+0x10/0x10 [ 1295.097460][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1295.103492][ T30] ? vscnprintf+0x5d/0x90 [ 1295.107861][ T30] panic+0x349/0x880 [ 1295.111799][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1295.118006][ T30] ? __pfx_panic+0x10/0x10 [ 1295.122483][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 1295.127899][ T30] ? __irq_work_queue_local+0x137/0x410 [ 1295.133580][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1295.138987][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1295.145182][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 1295.151382][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 1295.157577][ T30] watchdog+0x1033/0x1040 [ 1295.161970][ T30] ? watchdog+0x1ea/0x1040 [ 1295.166439][ T30] ? __pfx_watchdog+0x10/0x10 [ 1295.171159][ T30] kthread+0x2f0/0x390 [ 1295.175262][ T30] ? __pfx_watchdog+0x10/0x10 [ 1295.179976][ T30] ? __pfx_kthread+0x10/0x10 [ 1295.184599][ T30] ret_from_fork+0x4b/0x80 [ 1295.189060][ T30] ? __pfx_kthread+0x10/0x10 [ 1295.193680][ T30] ret_from_fork_asm+0x1a/0x30 [ 1295.198499][ T30] [ 1295.201821][ T30] Kernel Offset: disabled [ 1295.206156][ T30] Rebooting in 86400 seconds..