last executing test programs: 4m49.339927783s ago: executing program 2 (id=38): accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x800) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$comedi(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = socket$kcm(0x29, 0x2, 0x0) write$cgroup_pressure(r4, &(0x7f0000000140)={'full'}, 0xfffffdef) sendmsg$kcm(r4, 0x0, 0x840) 4m47.123884595s ago: executing program 2 (id=41): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x2c, 0xd, 0xa, 0x301, 0x0, 0xa6, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 4m45.193846839s ago: executing program 2 (id=44): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) 4m39.731323257s ago: executing program 2 (id=50): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) socket$alg(0x26, 0x5, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) r1 = syz_io_uring_setup(0x2f90, &(0x7f0000000180)={0x0, 0xc383, 0x3010, 0x2, 0x200004}, &(0x7f0000000100), &(0x7f0000000140)) r2 = epoll_create(0xaf2) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000880}, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) r5 = dup(r3) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100, 0x80000}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x34, 0x140f, 0x400, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x9, 0x45, 'umad\x00'}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x7, 0x45, 'sa\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'mad\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x4044) io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0xe000200f}) 4m30.961648643s ago: executing program 2 (id=58): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) memfd_create(0x0, 0x0) socket(0x2, 0x80805, 0x0) timer_create(0x2, &(0x7f0000000480)={0x0, 0x39, 0x0, @thr={0x0, 0x0}}, &(0x7f00000004c0)) timer_settime(0x0, 0x0, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000017c0)) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010000000000fcdbdf25003900000000000000000000000000000000bb00000000000000000200000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) bind$inet(r4, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000140)={@empty, @broadcast}, &(0x7f0000000180)=0xc) connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) 4m29.045300358s ago: executing program 2 (id=62): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/164, &(0x7f0000000100)=""/47, 0xf000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000700)) r4 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1, r4}) 4m12.652045079s ago: executing program 32 (id=62): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/164, &(0x7f0000000100)=""/47, 0xf000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000700)) r4 = dup(r2) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1, r4}) 2m56.836526407s ago: executing program 1 (id=158): openat$drirender128(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x7) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x44010}, 0x20000004) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000005c0)) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2d, 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e) close(r2) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0xc01, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x2, 0x0, 0x4, 0x1, {0xa, 0x4e21, 0x4, @empty, 0x1f}}}, 0x3a) ioctl$PPPIOCGL2TPSTATS(r4, 0x40047459, 0x0) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x2}, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r5, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}}) preadv2(r5, &(0x7f0000000240), 0x0, 0x6, 0x3, 0x0) link(&(0x7f0000000000)='./file0\x00', 0x0) preadv2(r3, 0x0, 0x0, 0x4, 0x9, 0xb) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x8000000}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x48) 2m52.980620702s ago: executing program 1 (id=163): r0 = socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@setlink={0x3b, 0x13, 0x1, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x200, 0x21a2}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x4}, @IFLA_NET_NS_PID={0x8, 0x13, 0xffffffffffffffff}]}, 0x30}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4) sendfile(r4, r4, 0x0, 0x68) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b36"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(0xffffffffffffffff, 0x114, 0xa, &(0x7f0000000280)={0x1, '}'}, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0) write$vga_arbiter(r5, &(0x7f0000000240)=@target={'target ', {'PCI:', '0', ':', '8', ':', '1f', '.', '1'}}, 0x14) r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffffffff) syz_usb_disconnect(r6) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000029c0)={0x20, 0x3e, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@nested={0xc, 0x11a, 0x0, 0x1, [@nested={0x6, 0xa, 0x0, 0x1, [@generic="ef07"]}]}]}, 0x20}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r7 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x1]}, 0x8, 0x0) faccessat2(r7, &(0x7f0000001400)='\x00', 0x0, 0x1100) 2m43.013202332s ago: executing program 1 (id=173): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) fsopen(&(0x7f0000000100)='ecryptfs\x00', 0x0) socket$l2tp6(0xa, 0x2, 0x73) openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi3\x00', 0x80, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) 2m36.415834689s ago: executing program 1 (id=177): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) unshare(0x2040400) io_uring_setup(0x2e34, &(0x7f0000000240)={0x0, 0xe148, 0x0, 0x0, 0xd4}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) read(r6, &(0x7f0000000840)=""/40, 0x28) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1e, 0x14, &(0x7f0000000880)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000016000000b703000000000000850000000400000018110000419c0650824d294eacc9b1f6b69c19fd2b2f2d205134bf2c8e54632342a70ddb0afab53a5502e1867220a3f30d0b480f95bb80dabb4d012f8b47e28181d530c8ce8baa5d4b79bd1d323571c0c0d5897185c3f350efe85ca909ceb7fa54880800a932e6afe070ebda1cb8796ea29e51715449f65a3025f40d876fcf382ef83f6e408e2641", @ANYRES16=r5, @ANYRESDEC=r4], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r7}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0), 0xfef85154c7902b6e) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r8, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x0, 0x55a}) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffffc01, 0xfffff000, 0xb) 2m32.690219143s ago: executing program 1 (id=178): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) fallocate(r0, 0x23, 0x1ff, 0x7f) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c000000000b030000000000000000000300000605000100000000000800034000000001080003400000000005000100"], 0x7c}}, 0x4814) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000140)='ext4_es_remove_extent\x00', r3, 0x0, 0x8003}, 0x18) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r5, r4, &(0x7f0000002080)=0x64, 0x21c) timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close(r0) 2m21.833579916s ago: executing program 1 (id=187): socket$inet6(0xa, 0x80000, 0x0) fanotify_init(0x200, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x115440) openat$ocfs2_control(0xffffff9c, &(0x7f0000000100), 0x8101, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) sendto$l2tp(r2, &(0x7f0000000040)="52784a0e000071000000c83b", 0xff92, 0x0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) set_mempolicy(0x3, 0x0, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000140)=0x2000) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, 0x7d6}) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r6 = socket$inet(0x2, 0x80000, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x400006, 0x3) 2m5.28354133s ago: executing program 33 (id=187): socket$inet6(0xa, 0x80000, 0x0) fanotify_init(0x200, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x115440) openat$ocfs2_control(0xffffff9c, &(0x7f0000000100), 0x8101, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) sendto$l2tp(r2, &(0x7f0000000040)="52784a0e000071000000c83b", 0xff92, 0x0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) set_mempolicy(0x3, 0x0, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000140)=0x2000) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x80000, 0x0, 0xffffffffffffffff}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, 0x7d6}) syz_emit_ethernet(0x0, 0x0, 0x0) r5 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r5, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r6 = socket$inet(0x2, 0x80000, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) preadv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000a40)=""/65, 0x41}], 0x1, 0x400006, 0x3) 55.936465896s ago: executing program 0 (id=460): sched_setattr(0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 55.847501542s ago: executing program 0 (id=462): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="12000000020000000400000003"], 0x50) r1 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r0, &(0x7f0000000480), &(0x7f0000000540)=@tcp=r1}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000180)=@tcp=r1}, 0x20) 55.713412408s ago: executing program 0 (id=463): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0x23, 0x7, {0x7, 0xf, "00e4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2) ioctl$HIDIOCGRAWPHYS(r1, 0x80404805, &(0x7f0000000640)) 54.946296871s ago: executing program 3 (id=471): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000840)={0x24, 0x0, 0x0, &(0x7f0000000880)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x1, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x200, 0x7}) 54.697352612s ago: executing program 4 (id=473): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) 54.164611233s ago: executing program 4 (id=474): socket$inet6(0xa, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0x8, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp_prespec={0x44, 0xc, 0xff, 0x3, 0x2, [{@multicast1, 0x7}]}]}}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev, @multicast1}}}}}}, 0x0) 53.988370528s ago: executing program 4 (id=475): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r1, 0x0, 0x13, &(0x7f00000002c0)=0x6d, 0x4) 53.865427045s ago: executing program 0 (id=476): r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0xff, 0xff, 0x0, 0x40, 0xbda, 0x8150, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x80, 0x0, {{0x9, 0x4, 0x0, 0x7f, 0x3, 0xff, 0x11, 0x1, 0x5, "", {{0x9, 0x5, 0x81, 0x2, 0x40, 0x6, 0x9, 0x4}, {0x9, 0x5, 0x2, 0x2, 0x20, 0x2, 0x57, 0x6e}, {0x9, 0x5, 0x83, 0x3, 0x240, 0x3, 0x82, 0x8}}}}}}]}}, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x3}}, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f0000002980)={0x14, 0x0, &(0x7f00000028c0)={0x0, 0x3, 0x3}}, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000004280)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004240)={0x40, 0x5, 0x2, "2bd8"}}) 53.756032358s ago: executing program 4 (id=477): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'geneve1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x940, 0x57ac123a25013287}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r3}, @IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_MULTICAST_SPEC={0x5, 0x3, 0xfe}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0xd1}, 0x0) 53.120895031s ago: executing program 4 (id=478): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000008c0)="83556f524e5b4275202de9e9190a4e45413b785e52d04218ff14259285fc60a04bc6b2219b8c6853a6622cf43ff12c6e70d446cb089d24e78c3e9315e114c8a7316f4fe07425a43afc3f2146fd5b3fa9944ac1fff9e40cb9d497259e2f8443386550fc0255f733c2c4592534f4c24aa04090941068f785925c29c444a6887d4a23cffdd0da78bccb1ee094cc21d79dddfd1ee274ec69d98e4ce1efdf416ca3948f3e2d92e348b88fd9387473855b1fdcd7493d01f0453924af3a79bc5d40b7e5ab2c6bd87501389f038abd8f0b2c59445502d726c974e0e57eab107a6ad6f2a998529e4bdafb9ed3a4cf482682f5369b1ca77c8dae495685a16821fd0da5b3b17b58909c93344ff6b6908a5de6530ebb79b7096253ed28f981b117f1af480914519ce90117ffc37d83297da593ce451f464a6b272b35442e3bc42881092cc92420590b6230a6af3817a7b4ca4d7a46e0c5d814ee1f6d9a20a255c54b88476ac582e3e4d99ba105b0f4dfb48d666aa23f70fbe69249f33f75fb4e5cbf27f1ecd1f47bfa745d508d3c599de413ab6b7f00ae14e2ed3c83da269536787bf4ff3f0d117b8415df306504b3020bfa61450bd88b8c73362f2ccd2217a49b8948f0ead1cac7c3f8da62ecc2219826bde12cf42eb9f9378909858d99d28e736316d96e2735850218ae8f89dfb2459ebc25571077a7602a55d51b2582a5d5e322e5816bc464beace66726fa5a8b0b84be74b85dd81115bf7dc16d2a45db14e6b52e05ab8f54b7d775d90db2ea7a63d7a84812ed5a56346fcbd1ef7b0f8f3f6833a99270f678ec85e3ce2ce718531e898016f81dec1c2702e7e0b04539cdc298c00cd464ca36342b634a61e2ba4e8c3ede56d78cac00fb4137aaddba05c519713989c60aed06231c82", 0x284}], 0x1}}], 0x1, 0x60cd894) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000380)={0x21, 0x0, [{0x298, 0x0, 0x100}]}) 52.996210001s ago: executing program 3 (id=479): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000cc0)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x2, 0x3}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x240400cc}, 0x4000080) 52.76940386s ago: executing program 4 (id=480): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) 52.644095281s ago: executing program 3 (id=481): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x34004811) r1 = socket$kcm(0x10, 0x2, 0x4) recvmmsg(r1, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080fffffffe0000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 51.611629698s ago: executing program 3 (id=482): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r2}, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="18080000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r3, 0x4) sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x8880) 51.429397468s ago: executing program 0 (id=483): connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000009000000070000004f0c000001000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r0}, 0x38) 51.428130203s ago: executing program 3 (id=484): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 51.229573406s ago: executing program 0 (id=485): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, r1, 0x5, 0xfffffffd, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004090}, 0x4) 51.186665867s ago: executing program 3 (id=486): listen(0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x851}, 0x4004080) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') lseek(r2, 0x10001, 0x0) syz_usbip_server_init(0x3) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x1800, &(0x7f0000000280)={0x100004, 0x8a, 0x100000, {r3}}, 0x20) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x2f, 0x3, 0x2, 0xfffffffd, 0x7c, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, 0x20, 0x791, 0x4, 0x10}}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0x1, 0x0, 0x3, r4, 0xa}, 0xc) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) 1.323321354s ago: executing program 34 (id=485): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, r1, 0x5, 0xfffffffd, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004090}, 0x4) 201.430752ms ago: executing program 35 (id=486): listen(0xffffffffffffffff, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x851}, 0x4004080) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') lseek(r2, 0x10001, 0x0) syz_usbip_server_init(0x3) close_range(r0, 0xffffffffffffffff, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x1800, &(0x7f0000000280)={0x100004, 0x8a, 0x100000, {r3}}, 0x20) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000008ebc, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x2f, 0x3, 0x2, 0xfffffffd, 0x7c, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, 0x20, 0x791, 0x4, 0x10}}) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000140)={0x1, 0x0, 0x3, r4, 0xa}, 0xc) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) 0s ago: executing program 36 (id=480): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts. [ 80.640409][ T5824] cgroup: Unknown subsys name 'net' [ 80.878949][ T5824] cgroup: Unknown subsys name 'cpuset' [ 80.965153][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.785797][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.281679][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.284805][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.299355][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.300508][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.301237][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.427962][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.429644][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.430661][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.433773][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.436325][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.563310][ T5157] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.567547][ T5157] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.570545][ T5157] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.576069][ T5157] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.579743][ T5157] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.663961][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.675084][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.676889][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.678028][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.679645][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.706379][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.708451][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.711743][ T5157] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.712995][ T5157] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.717709][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.268285][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 86.427285][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 86.731742][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 86.745615][ T1248] cfg80211: failed to load regulatory.db [ 86.909555][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.909720][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.910231][ T5840] bridge_slave_0: entered allmulticast mode [ 86.934772][ T5840] bridge_slave_0: entered promiscuous mode [ 86.977720][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.978127][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.978231][ T5840] bridge_slave_1: entered allmulticast mode [ 86.979716][ T5840] bridge_slave_1: entered promiscuous mode [ 87.335356][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 87.366592][ T5837] Bluetooth: hci0: command tx timeout [ 87.441466][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 87.453636][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.453772][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.454009][ T5834] bridge_slave_0: entered allmulticast mode [ 87.457907][ T5834] bridge_slave_0: entered promiscuous mode [ 87.484052][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.508989][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.509080][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.509182][ T5834] bridge_slave_1: entered allmulticast mode [ 87.510652][ T5834] bridge_slave_1: entered promiscuous mode [ 87.534422][ T5837] Bluetooth: hci1: command tx timeout [ 87.549077][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.684450][ T5837] Bluetooth: hci2: command tx timeout [ 87.764472][ T5837] Bluetooth: hci3: command tx timeout [ 87.844482][ T5837] Bluetooth: hci4: command tx timeout [ 88.206654][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.206799][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.206970][ T5843] bridge_slave_0: entered allmulticast mode [ 88.209552][ T5843] bridge_slave_0: entered promiscuous mode [ 88.223727][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.255173][ T5840] team0: Port device team_slave_0 added [ 88.255782][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.256997][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.257491][ T5843] bridge_slave_1: entered allmulticast mode [ 88.259860][ T5843] bridge_slave_1: entered promiscuous mode [ 88.272418][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.306677][ T5840] team0: Port device team_slave_1 added [ 89.100712][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.166704][ T5834] team0: Port device team_slave_0 added [ 89.168085][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.168094][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.168108][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.169777][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.169982][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.170219][ T5845] bridge_slave_0: entered allmulticast mode [ 89.171897][ T5845] bridge_slave_0: entered promiscuous mode [ 89.179240][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.179447][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.179571][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.179723][ T5846] bridge_slave_0: entered allmulticast mode [ 89.182179][ T5846] bridge_slave_0: entered promiscuous mode [ 89.188566][ T5834] team0: Port device team_slave_1 added [ 89.202411][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.202423][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.202448][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.204243][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.209390][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.209561][ T5845] bridge_slave_1: entered allmulticast mode [ 89.212885][ T5845] bridge_slave_1: entered promiscuous mode [ 89.323751][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.323882][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.324055][ T5846] bridge_slave_1: entered allmulticast mode [ 89.339265][ T5846] bridge_slave_1: entered promiscuous mode [ 89.444640][ T5837] Bluetooth: hci0: command tx timeout [ 89.613091][ T5837] Bluetooth: hci1: command tx timeout [ 89.774546][ T5837] Bluetooth: hci2: command tx timeout [ 89.799005][ T5843] team0: Port device team_slave_0 added [ 89.844703][ T5837] Bluetooth: hci3: command tx timeout [ 89.924495][ T5837] Bluetooth: hci4: command tx timeout [ 89.947617][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.947631][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.947656][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.952651][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.955589][ T5843] team0: Port device team_slave_1 added [ 89.967365][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.086476][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.086493][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.086517][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.090608][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.191475][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.506863][ T5840] hsr_slave_0: entered promiscuous mode [ 90.507833][ T5840] hsr_slave_1: entered promiscuous mode [ 90.589700][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.589716][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.589740][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.703051][ T5845] team0: Port device team_slave_0 added [ 90.704252][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.704265][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.704881][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.708845][ T5846] team0: Port device team_slave_0 added [ 90.815631][ T5845] team0: Port device team_slave_1 added [ 90.898369][ T5846] team0: Port device team_slave_1 added [ 91.316129][ T5834] hsr_slave_0: entered promiscuous mode [ 91.318407][ T5834] hsr_slave_1: entered promiscuous mode [ 91.319016][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 91.319105][ T5834] Cannot create hsr debugfs directory [ 91.526092][ T5837] Bluetooth: hci0: command tx timeout [ 91.648386][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.648402][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.648426][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.663277][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.663291][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.663360][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.685920][ T5837] Bluetooth: hci1: command tx timeout [ 91.735784][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.735797][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.735821][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.759096][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.759110][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.759134][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.778153][ T5843] hsr_slave_0: entered promiscuous mode [ 91.779298][ T5843] hsr_slave_1: entered promiscuous mode [ 91.780157][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 91.780178][ T5843] Cannot create hsr debugfs directory [ 91.855252][ T5837] Bluetooth: hci2: command tx timeout [ 91.924439][ T5837] Bluetooth: hci3: command tx timeout [ 92.004445][ T5837] Bluetooth: hci4: command tx timeout [ 92.609652][ T5845] hsr_slave_0: entered promiscuous mode [ 92.610931][ T5845] hsr_slave_1: entered promiscuous mode [ 92.612103][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 92.612125][ T5845] Cannot create hsr debugfs directory [ 92.622462][ T5846] hsr_slave_0: entered promiscuous mode [ 92.623696][ T5846] hsr_slave_1: entered promiscuous mode [ 92.625552][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 92.625575][ T5846] Cannot create hsr debugfs directory [ 93.604473][ T5837] Bluetooth: hci0: command tx timeout [ 93.717459][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.764527][ T5837] Bluetooth: hci1: command tx timeout [ 93.770650][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.832214][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.892550][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.924425][ T5837] Bluetooth: hci2: command tx timeout [ 94.005599][ T5837] Bluetooth: hci3: command tx timeout [ 94.022325][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.070526][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.084396][ T5837] Bluetooth: hci4: command tx timeout [ 94.110536][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.160284][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.302503][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.347148][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.387469][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.440495][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.589472][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.644072][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.673408][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.710462][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.820893][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.887064][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.932789][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.972021][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.025503][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.075038][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.128976][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.130798][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.190212][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.192970][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.193072][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.304806][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.319027][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.358823][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.359454][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.408488][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.408636][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.459174][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.493465][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.493592][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.551489][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.571667][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.573366][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.750841][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.793870][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.813620][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.813752][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.862397][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.862543][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.918690][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.987375][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.987595][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.995662][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.057969][ T1454] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.064561][ T1454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.447569][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.707403][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.849001][ T5834] veth0_vlan: entered promiscuous mode [ 96.941338][ T5834] veth1_vlan: entered promiscuous mode [ 96.972559][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.039302][ T5843] veth0_vlan: entered promiscuous mode [ 97.068929][ T5840] veth0_vlan: entered promiscuous mode [ 97.086851][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.113330][ T5843] veth1_vlan: entered promiscuous mode [ 97.142367][ T5840] veth1_vlan: entered promiscuous mode [ 97.156075][ T5834] veth0_macvtap: entered promiscuous mode [ 97.187903][ T5834] veth1_macvtap: entered promiscuous mode [ 97.244044][ T5845] veth0_vlan: entered promiscuous mode [ 97.282557][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.322366][ T5845] veth1_vlan: entered promiscuous mode [ 97.335335][ T5843] veth0_macvtap: entered promiscuous mode [ 97.339213][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.371198][ T5840] veth0_macvtap: entered promiscuous mode [ 97.389169][ T5846] veth0_vlan: entered promiscuous mode [ 97.391418][ T5843] veth1_macvtap: entered promiscuous mode [ 97.420515][ T1111] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.437840][ T1111] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.439746][ T5840] veth1_macvtap: entered promiscuous mode [ 97.443388][ T1111] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.469934][ T1111] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.492615][ T5846] veth1_vlan: entered promiscuous mode [ 97.560683][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.648394][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.652521][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.735896][ T5845] veth0_macvtap: entered promiscuous mode [ 97.750163][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.783670][ T1111] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.811720][ T1111] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.833008][ T1111] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.833588][ T5845] veth1_macvtap: entered promiscuous mode [ 97.852296][ T1111] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.863727][ T1111] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.880461][ T1454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.880488][ T1454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.882546][ T1111] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.892129][ T1111] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.930617][ T1111] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.071575][ T5846] veth0_macvtap: entered promiscuous mode [ 98.104001][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.145009][ T1454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.145026][ T1454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.197484][ T5846] veth1_macvtap: entered promiscuous mode [ 98.306635][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.372325][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.378111][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.378127][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.382279][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.402352][ T1166] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.421945][ T1166] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.435845][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.568086][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.648092][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.648109][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.962366][ T67] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.621090][ T67] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.621957][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.621973][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.672414][ T67] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.691692][ T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.751918][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.751936][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.289704][ T5956] 9pnet_virtio: no channels available for device syz [ 103.743325][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.743346][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.101218][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.101238][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.308150][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.308169][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.456821][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.456839][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.707164][ T6006] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 113.269756][ T6020] 9pnet_fd: p9_fd_create_tcp (6020): problem connecting socket to 127.0.0.1 [ 114.066106][ T6020] 9pnet_fd: p9_fd_create_tcp (6020): problem connecting socket to 127.0.0.1 [ 117.894519][ T5921] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 119.107125][ T5921] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 119.107153][ T5921] usb 5-1: config 0 interface 0 has no altsetting 0 [ 119.112443][ T5921] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 119.112470][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 119.112490][ T5921] usb 5-1: Product: syz [ 119.112505][ T5921] usb 5-1: Manufacturer: syz [ 119.112519][ T5921] usb 5-1: SerialNumber: syz [ 119.522767][ T6066] process 'syz.1.28' launched '/dev/fd/5' with NULL argv: empty string added [ 120.371957][ T5921] usb 5-1: config 0 descriptor?? [ 121.237881][ T6073] overlayfs: missing 'lowerdir' [ 121.277023][ T5921] usb 5-1: can't set config #0, error -71 [ 121.305055][ T5921] usb 5-1: USB disconnect, device number 2 [ 121.483911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 121.593991][ T6082] netlink: 4 bytes leftover after parsing attributes in process `syz.2.32'. [ 121.674330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.804333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.889134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.924323][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.003306][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.038893][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.039583][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.044344][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.050406][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.532653][ T5920] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 128.833010][ T5920] usb 2-1: Using ep0 maxpacket: 8 [ 128.836252][ T5920] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 128.836312][ T5920] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 128.836335][ T5920] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 128.837480][ T5920] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 128.837506][ T5920] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 128.837550][ T5920] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 128.837572][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.597972][ T5920] usb 2-1: can't set config #16, error -71 [ 130.782352][ T5920] usb 2-1: USB disconnect, device number 2 [ 132.025689][ T5848] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 132.991268][ T5848] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 132.991299][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.991319][ T5848] usb 3-1: Product: syz [ 132.991334][ T5848] usb 3-1: Manufacturer: syz [ 132.991348][ T5848] usb 3-1: SerialNumber: syz [ 133.036152][ T5848] usb 3-1: config 0 descriptor?? [ 133.393930][ T5848] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 133.764315][ T6147] netlink: 28 bytes leftover after parsing attributes in process `syz.0.46'. [ 134.893032][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.089774][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.192632][ T6149] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 135.864994][ T5848] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 135.984996][ T5954] usb 3-1: USB disconnect, device number 2 [ 137.708688][ T37] audit: type=1326 audit(1757553855.191:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6160 comm="syz.2.50" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f501e3deba9 code=0x0 [ 139.205249][ T6170] binder: 6162:6170 ioctl c0306201 0 returned -14 [ 139.411464][ T6170] block device autoloading is deprecated and will be removed. [ 144.978149][ T6190] batadv0: entered promiscuous mode [ 144.978535][ T6190] vlan2: entered promiscuous mode [ 145.945207][ T6205] netlink: 68 bytes leftover after parsing attributes in process `syz.2.58'. [ 147.652877][ T6214] netlink: 452 bytes leftover after parsing attributes in process `syz.0.61'. [ 151.501505][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.961857][ C1] vkms_vblank_simulate: vblank timer overrun [ 152.176458][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.319496][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.350764][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.077053][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.249333][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.127321][ C1] vkms_vblank_simulate: vblank timer overrun [ 156.450346][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.480668][ C1] vkms_vblank_simulate: vblank timer overrun [ 158.142256][ C1] vkms_vblank_simulate: vblank timer overrun [ 161.430187][ T6277] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.850426][ T5954] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 162.900780][ T37] audit: type=1800 audit(1757553878.738:3): pid=6284 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.79" name="file0" dev="fuse" ino=2 res=0 errno=0 [ 163.131309][ T5954] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 163.131328][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.131339][ T5954] usb 2-1: Product: syz [ 163.131346][ T5954] usb 2-1: Manufacturer: syz [ 163.131353][ T5954] usb 2-1: SerialNumber: syz [ 163.242978][ T5954] usb 2-1: config 0 descriptor?? [ 163.696534][ T5954] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 165.086990][ T6291] Process accounting resumed [ 166.071863][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 166.083901][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 166.086659][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 166.093052][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 166.094511][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 166.479731][ T5954] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 166.484703][ T5954] usb 2-1: USB disconnect, device number 3 [ 168.298385][ T59] Bluetooth: hci5: command tx timeout [ 168.324398][ T6315] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 168.324723][ T6315] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 170.517096][ T59] Bluetooth: hci5: command tx timeout [ 172.433449][ T6318] ceph: No mds server is up or the cluster is laggy [ 172.433449][ T6321] ceph: No mds server is up or the cluster is laggy [ 172.441625][ T5920] libceph: connect (1)[b::]:6789 error -101 [ 172.445668][ T5920] libceph: mon0 (1)[b::]:6789 connect error [ 173.234384][ T59] Bluetooth: hci5: command tx timeout [ 173.256870][ T5920] libceph: connect (1)[b::]:6789 error -101 [ 173.257078][ T5920] libceph: mon0 (1)[b::]:6789 connect error [ 173.262685][ T5954] libceph: connect (1)[c::]:6789 error -101 [ 173.262869][ T5954] libceph: mon0 (1)[c::]:6789 connect error [ 173.696262][ T981] libceph: connect (1)[c::]:6789 error -101 [ 173.696468][ T981] libceph: mon0 (1)[c::]:6789 connect error [ 175.799358][ T5907] libceph: connect (1)[b::]:6789 error -101 [ 175.799530][ T5907] libceph: mon0 (1)[b::]:6789 connect error [ 176.603772][ T59] Bluetooth: hci5: command tx timeout [ 178.111871][ T37] audit: type=1326 audit(1757553892.930:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.115020][ T37] audit: type=1326 audit(1757553892.949:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.118305][ T37] audit: type=1326 audit(1757553892.958:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.119480][ T37] audit: type=1326 audit(1757553892.958:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.119960][ T37] audit: type=1326 audit(1757553892.967:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.121041][ T37] audit: type=1326 audit(1757553892.967:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.121590][ T37] audit: type=1326 audit(1757553892.967:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.122067][ T37] audit: type=1326 audit(1757553892.967:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.122621][ T37] audit: type=1326 audit(1757553892.967:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 178.808267][ T37] audit: type=1326 audit(1757553892.995:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6356 comm="syz.0.93" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 179.212995][ T6368] overlayfs: missing 'lowerdir' [ 182.576772][ T6298] chnl_net:caif_netlink_parms(): no params data found [ 189.797444][ T6398] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 189.797725][ T6398] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 189.818878][ T6398] vhci_hcd vhci_hcd.0: Device attached [ 190.704843][ T6410] vhci_hcd: connection closed [ 190.775159][ T168] vhci_hcd: stop threads [ 190.775911][ T168] vhci_hcd: release socket [ 190.817916][ T168] vhci_hcd: disconnect device [ 196.180481][ T6436] netlink: 28 bytes leftover after parsing attributes in process `syz.0.107'. [ 199.198316][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.198391][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 203.590884][ T6479] Zero length message leads to an empty skb [ 203.912819][ T1122] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.762678][ T1122] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.017977][ T6515] syz.4.127 uses obsolete (PF_INET,SOCK_PACKET) [ 217.069036][ T6517] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 218.527617][ T6524] Bluetooth: hci1: command 0x0406 tx timeout [ 218.527736][ T6524] Bluetooth: hci0: command 0x0406 tx timeout [ 218.527826][ T6524] Bluetooth: hci3: command 0x0406 tx timeout [ 220.484046][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 220.484063][ T37] audit: type=1326 audit(1757553932.652:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6527 comm="syz.4.132" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9322eeeba9 code=0x0 [ 222.043682][ T1122] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.608105][ T6298] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.608249][ T6298] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.608489][ T6298] bridge_slave_0: entered allmulticast mode [ 222.644151][ T6298] bridge_slave_0: entered promiscuous mode [ 222.691993][ T6298] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.694207][ T6298] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.694435][ T6298] bridge_slave_1: entered allmulticast mode [ 222.733242][ T6298] bridge_slave_1: entered promiscuous mode [ 225.707228][ T6576] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 225.707607][ T6576] FAT-fs (loop9): unable to read boot sector [ 227.252213][ T6580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.139'. [ 227.252248][ T6580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.139'. [ 230.305928][ T1122] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.342236][ T6580] bridge0: port 3(vlan2) entered blocking state [ 230.342318][ T6580] bridge0: port 3(vlan2) entered disabled state [ 230.342443][ T6580] vlan2: entered allmulticast mode [ 230.342452][ T6580] bridge0: entered allmulticast mode [ 230.386063][ T6580] vlan2: left allmulticast mode [ 230.386077][ T6580] bridge0: left allmulticast mode [ 230.438703][ T6298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.566183][ T5907] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 230.933803][ T5907] usb 5-1: Using ep0 maxpacket: 16 [ 230.936372][ T5907] usb 5-1: device descriptor read/all, error -71 [ 233.504191][ T6606] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 233.504224][ T6606] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 233.504277][ T6606] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 233.504326][ T6606] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4) [ 233.504352][ T6606] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 233.504378][ T6606] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 233.504404][ T6606] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 233.504432][ T6606] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 233.504479][ T6606] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 233.504510][ T6606] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 233.504539][ T6606] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 234.819673][ T1122] bridge_slave_1: left allmulticast mode [ 234.831073][ T1122] bridge_slave_1: left promiscuous mode [ 234.834792][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.809537][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 235.814055][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 235.825308][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 235.847120][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 235.856220][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 236.058269][ T1122] bridge_slave_0: left allmulticast mode [ 236.058302][ T1122] bridge_slave_0: left promiscuous mode [ 236.058556][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.073180][ T59] Bluetooth: hci2: command tx timeout [ 240.126847][ T5907] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 240.688439][ T59] Bluetooth: hci2: command tx timeout [ 241.342814][ T6646] loop2: detected capacity change from 0 to 7 [ 241.354007][ T6646] loop2: [ 241.354039][ T6646] loop2: partition table partially beyond EOD, truncated [ 241.601949][ T6650] Invalid logical block size (8192) [ 242.608680][ T5907] usb 5-1: device descriptor read/all, error -71 [ 242.953848][ T59] Bluetooth: hci2: command tx timeout [ 244.183169][ T6677] program syz.0.164 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 244.879096][ T44] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 245.243957][ T44] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 245.244205][ T44] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 245.244273][ T44] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 245.244393][ T44] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 245.244417][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.289364][ T5837] Bluetooth: hci2: command tx timeout [ 245.289507][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 251.071535][ T44] usb 2-1: can't set config #27, error -110 [ 251.118135][ T6707] capability: warning: `syz.3.169' uses deprecated v2 capabilities in a way that may be insecure [ 252.644782][ T44] usb 2-1: USB disconnect, device number 4 [ 257.002919][ C1] vkms_vblank_simulate: vblank timer overrun [ 259.135324][ T6729] binder: 6726:6729 ioctl 541b 200000000140 returned -22 [ 264.852679][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 264.852752][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.818170][ T6033] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 268.107659][ T6033] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 268.107715][ T6033] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.284128][ T6033] usb 1-1: config 0 descriptor?? [ 273.479315][ T6033] usb 1-1: can't set config #0, error -71 [ 273.530308][ T6033] usb 1-1: USB disconnect, device number 2 [ 273.675409][ T6790] syz.1.178 (6790): drop_caches: 2 [ 274.889314][ T6821] Bluetooth: MGMT ver 1.23 [ 275.482431][ T59] Bluetooth: hci1: unexpected event for opcode 0x0404 [ 281.017853][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.194'. [ 286.899119][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 287.005375][ T1122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 287.310054][ T1122] bond0 (unregistering): Released all slaves [ 297.509249][ T5157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 297.522110][ T5157] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 297.534300][ T5157] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 297.535731][ T5157] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 297.539681][ T5157] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 297.613320][ T5837] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 297.621799][ T5837] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 297.670162][ T5837] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 297.687628][ T5837] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 297.689629][ T5837] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 300.296976][ T5837] Bluetooth: hci5: command tx timeout [ 300.297309][ T5837] Bluetooth: hci6: command tx timeout [ 302.462216][ T5157] Bluetooth: hci6: command tx timeout [ 302.462249][ T5157] Bluetooth: hci5: command tx timeout [ 303.456081][ T5954] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 304.246141][ T5954] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 304.246174][ T5954] usb 4-1: config 0 interface 0 has no altsetting 0 [ 304.258065][ T5954] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 304.258095][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.258115][ T5954] usb 4-1: Product: syz [ 304.258129][ T5954] usb 4-1: Manufacturer: syz [ 304.258144][ T5954] usb 4-1: SerialNumber: syz [ 304.381510][ T5954] usb 4-1: config 0 descriptor?? [ 304.437261][ T5954] usb 4-1: selecting invalid altsetting 0 [ 304.759871][ T5837] Bluetooth: hci5: command tx timeout [ 304.759919][ T5837] Bluetooth: hci6: command tx timeout [ 304.777993][ T31] usb 4-1: USB disconnect, device number 2 [ 305.092872][ T1122] hsr_slave_0: left promiscuous mode [ 305.135479][ T1122] hsr_slave_1: left promiscuous mode [ 305.136583][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.136672][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.181646][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.181678][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.188662][ T5954] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 305.335268][ T1122] veth1_macvtap: left promiscuous mode [ 305.335427][ T1122] veth0_macvtap: left promiscuous mode [ 305.335637][ T1122] veth1_vlan: left promiscuous mode [ 305.335831][ T1122] veth0_vlan: left promiscuous mode [ 305.350810][ T5954] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 305.350838][ T5954] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 305.350857][ T5954] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 305.351024][ T5954] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 305.351049][ T5954] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 305.353350][ T5954] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 305.353377][ T5954] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 305.353396][ T5954] usb 5-1: Product: syz [ 305.353409][ T5954] usb 5-1: Manufacturer: syz [ 305.383987][ T5954] cdc_wdm 5-1:1.0: skipping garbage [ 305.384008][ T5954] cdc_wdm 5-1:1.0: skipping garbage [ 305.413106][ T5954] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 305.413148][ T5954] cdc_wdm 5-1:1.0: Unknown control protocol [ 305.473578][ T5954] libceph: connect (1)[c::]:6789 error -101 [ 305.473808][ T5954] libceph: mon0 (1)[c::]:6789 connect error [ 305.503644][ T5954] libceph: connect (1)[c::]:6789 error -101 [ 305.503880][ T5954] libceph: mon0 (1)[c::]:6789 connect error [ 305.570763][ T6033] libceph: connect (1)[b::]:6789 error -101 [ 305.570995][ T6033] libceph: mon0 (1)[b::]:6789 connect error [ 305.616258][ T5954] usb 5-1: USB disconnect, device number 7 [ 305.778537][ T9] libceph: connect (1)[c::]:6789 error -101 [ 305.778773][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 305.840269][ T6033] libceph: connect (1)[b::]:6789 error -101 [ 305.840508][ T6033] libceph: mon0 (1)[b::]:6789 connect error [ 306.326452][ T5954] libceph: connect (1)[c::]:6789 error -101 [ 306.326681][ T5954] libceph: mon0 (1)[c::]:6789 connect error [ 306.380826][ T6978] ceph: No mds server is up or the cluster is laggy [ 306.383744][ T6980] ceph: No mds server is up or the cluster is laggy [ 306.386593][ T44] libceph: connect (1)[b::]:6789 error -101 [ 306.386820][ T44] libceph: mon0 (1)[b::]:6789 connect error [ 307.180678][ T5157] Bluetooth: hci6: command tx timeout [ 307.180712][ T5157] Bluetooth: hci5: command tx timeout [ 308.265677][ T7023] netlink: 12 bytes leftover after parsing attributes in process `syz.0.256'. [ 310.179615][ T6033] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 310.380223][ T6033] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 310.380257][ T6033] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.380279][ T6033] usb 5-1: config 0 interface 0 has no altsetting 0 [ 310.380312][ T6033] usb 5-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 310.380335][ T6033] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.386916][ T6033] usb 5-1: config 0 descriptor?? [ 310.967779][ T6033] lenovo 0003:17EF:60EE.0001: hidraw0: USB HID v0.01 Device [HID 17ef:60ee] on usb-dummy_hcd.4-1/input0 [ 311.076059][ T6033] lenovo 0003:17EF:60EE.0001: Failed to switch middle button: -71 [ 311.076448][ T6033] lenovo 0003:17EF:60EE.0001: Fn-lock setting failed: -71 [ 311.076804][ T6033] lenovo 0003:17EF:60EE.0001: Sensitivity setting failed: -71 [ 311.090734][ T6033] usb 5-1: USB disconnect, device number 8 [ 311.516735][ T1122] team0 (unregistering): Port device team_slave_1 removed [ 311.742370][ T1122] team0 (unregistering): Port device team_slave_0 removed [ 311.943245][ T6033] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 312.125108][ T6033] usb 5-1: Using ep0 maxpacket: 32 [ 312.127759][ T6033] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 312.127792][ T6033] usb 5-1: config 0 has no interface number 0 [ 312.131335][ T6033] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 312.131352][ T6033] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.131363][ T6033] usb 5-1: Product: syz [ 312.131370][ T6033] usb 5-1: Manufacturer: syz [ 312.131378][ T6033] usb 5-1: SerialNumber: syz [ 312.190302][ T6033] usb 5-1: config 0 descriptor?? [ 312.194716][ T6033] smsc95xx v2.0.0 [ 312.194737][ T6033] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 312.195372][ T6033] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -22 [ 314.295541][ T44] usb 5-1: USB disconnect, device number 9 [ 314.406875][ T7052] netlink: 'syz.0.268': attribute type 49 has an invalid length. [ 316.325498][ T7072] sctp: [Deprecated]: syz.3.272 (pid 7072) Use of int in max_burst socket option. [ 316.325498][ T7072] Use struct sctp_assoc_value instead [ 316.584621][ T6912] chnl_net:caif_netlink_parms(): no params data found [ 317.691930][ T6914] chnl_net:caif_netlink_parms(): no params data found [ 320.096959][ T7105] sg_write: data in/out 1048540/42 bytes for SCSI command 0x0-- guessing data in; [ 320.096959][ T7105] program syz.3.284 not setting count and/or reply_len properly [ 321.383022][ T7120] netlink: 20 bytes leftover after parsing attributes in process `syz.0.288'. [ 321.383052][ T7120] netlink: 36 bytes leftover after parsing attributes in process `syz.0.288'. [ 321.448444][ T6912] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.448599][ T6912] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.448832][ T6912] bridge_slave_0: entered allmulticast mode [ 321.451778][ T6912] bridge_slave_0: entered promiscuous mode [ 321.674985][ T6912] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.675169][ T6912] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.675407][ T6912] bridge_slave_1: entered allmulticast mode [ 321.678831][ T6912] bridge_slave_1: entered promiscuous mode [ 321.934791][ T6914] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.934931][ T6914] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.935442][ T6914] bridge_slave_0: entered allmulticast mode [ 321.947314][ T6914] bridge_slave_0: entered promiscuous mode [ 322.586101][ T6914] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.586849][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.589119][ T6914] bridge_slave_1: entered allmulticast mode [ 322.699034][ T6914] bridge_slave_1: entered promiscuous mode [ 322.747064][ T31] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 322.804606][ T6912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.238488][ T31] usb 5-1: unable to get BOS descriptor or descriptor too short [ 323.238776][ T31] usb 5-1: no configurations [ 323.238811][ T31] usb 5-1: can't read configurations, error -22 [ 323.353310][ T7149] netlink: 28 bytes leftover after parsing attributes in process `syz.0.300'. [ 323.353334][ T7149] netlink: 28 bytes leftover after parsing attributes in process `syz.0.300'. [ 323.353349][ T7149] netlink: 28 bytes leftover after parsing attributes in process `syz.0.300'. [ 323.452408][ T6912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.590069][ T37] audit: type=1326 audit(1757554029.113:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.591400][ T37] audit: type=1326 audit(1757554029.113:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.591522][ T37] audit: type=1326 audit(1757554029.113:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.591700][ T37] audit: type=1326 audit(1757554029.113:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.592133][ T37] audit: type=1326 audit(1757554029.113:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.592292][ T37] audit: type=1326 audit(1757554029.113:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 323.592419][ T37] audit: type=1326 audit(1757554029.113:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7156 comm="syz.3.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 324.568882][ T7172] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes [ 325.407304][ T6914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.559594][ T6914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.569752][ T6912] team0: Port device team_slave_0 added [ 325.856014][ T1122] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.970914][ T6912] team0: Port device team_slave_1 added [ 326.795917][ T7214] program syz.4.326 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 327.087865][ T1122] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.052862][ T7228] netlink: 24 bytes leftover after parsing attributes in process `syz.4.330'. [ 330.092122][ T6914] team0: Port device team_slave_0 added [ 330.093408][ T6912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.093421][ T6912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.093447][ T6912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.192069][ T6914] team0: Port device team_slave_1 added [ 330.203408][ T6912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.203426][ T6912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.203451][ T6912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.516512][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 330.518393][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 330.530213][ T7238] netlink: 24 bytes leftover after parsing attributes in process `syz.4.335'. [ 330.890794][ T1122] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.941254][ T6914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.941269][ T6914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.941292][ T6914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.991675][ T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 331.094506][ T6914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.094522][ T6914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.094547][ T6914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.156456][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 331.156510][ T31] usb 4-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 331.156534][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.190614][ T31] usb 4-1: config 0 descriptor?? [ 331.452916][ T7256] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 331.498994][ T1122] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.634862][ T6912] hsr_slave_0: entered promiscuous mode [ 331.642301][ T6912] hsr_slave_1: entered promiscuous mode [ 331.643274][ T6912] debugfs: 'hsr0' already exists in 'hsr' [ 331.643295][ T6912] Cannot create hsr debugfs directory [ 331.646940][ T31] logitech 0003:046D:CA03.0002: unbalanced delimiter at end of report description [ 331.647723][ T31] logitech 0003:046D:CA03.0002: parse failed [ 331.647823][ T31] logitech 0003:046D:CA03.0002: probe with driver logitech failed with error -22 [ 331.695147][ T7254] sit0: entered promiscuous mode [ 331.718696][ T7254] netlink: 'syz.0.342': attribute type 1 has an invalid length. [ 331.718720][ T7254] netlink: 1 bytes leftover after parsing attributes in process `syz.0.342'. [ 331.889025][ T5907] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 331.907752][ T31] usb 4-1: USB disconnect, device number 3 [ 332.060417][ T5907] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 332.060446][ T5907] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 332.060464][ T5907] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 332.060482][ T5907] usb 5-1: config 220 has no interface number 2 [ 332.060555][ T5907] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 332.060581][ T5907] usb 5-1: config 220 interface 0 has no altsetting 0 [ 332.060598][ T5907] usb 5-1: config 220 interface 76 has no altsetting 0 [ 332.060614][ T5907] usb 5-1: config 220 interface 1 has no altsetting 0 [ 332.065839][ T5907] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 332.065870][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.065891][ T5907] usb 5-1: Product: syz [ 332.065905][ T5907] usb 5-1: Manufacturer: syz [ 332.065920][ T5907] usb 5-1: SerialNumber: syz [ 332.325737][ T6914] hsr_slave_0: entered promiscuous mode [ 332.327279][ T6914] hsr_slave_1: entered promiscuous mode [ 332.330415][ T6914] debugfs: 'hsr0' already exists in 'hsr' [ 332.330441][ T6914] Cannot create hsr debugfs directory [ 332.350515][ T5907] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 332.350557][ T5907] usb 5-1: No valid video chain found. [ 332.350707][ T5907] usb 5-1: selecting invalid altsetting 0 [ 332.426888][ T5907] usb 5-1: selecting invalid altsetting 0 [ 332.426946][ T5907] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 332.457638][ T5907] usb 5-1: USB disconnect, device number 12 [ 333.289750][ T5907] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 333.425937][ T7281] mmap: syz.4.354 (7281) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 333.451831][ T5907] usb 1-1: Using ep0 maxpacket: 8 [ 333.462593][ T5907] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 333.462622][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.462642][ T5907] usb 1-1: Product: syz [ 333.462656][ T5907] usb 1-1: Manufacturer: syz [ 333.462669][ T5907] usb 1-1: SerialNumber: syz [ 333.471508][ T5907] usb 1-1: config 0 descriptor?? [ 333.494488][ T5907] gspca_main: se401-2.14.0 probing 047d:5003 [ 333.778636][ T37] audit: type=1326 audit(1757554038.646:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.780779][ T37] audit: type=1326 audit(1757554038.646:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.781207][ T37] audit: type=1326 audit(1757554038.646:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.853735][ T37] audit: type=1326 audit(1757554038.646:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.854073][ T37] audit: type=1326 audit(1757554038.712:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.854409][ T37] audit: type=1326 audit(1757554038.712:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.854970][ T37] audit: type=1326 audit(1757554038.712:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7287 comm="syz.3.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6861feba9 code=0x7ffc0000 [ 333.910402][ T5907] gspca_se401: ExtraFeatures: 24 [ 334.046383][ T1122] bridge_slave_1: left allmulticast mode [ 334.046422][ T1122] bridge_slave_1: left promiscuous mode [ 334.046667][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.130540][ T5907] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 334.148977][ T1122] bridge_slave_0: left allmulticast mode [ 334.149009][ T1122] bridge_slave_0: left promiscuous mode [ 334.149342][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.220978][ T5907] usb 1-1: USB disconnect, device number 3 [ 334.265400][ T1122] bridge_slave_1: left allmulticast mode [ 334.265431][ T1122] bridge_slave_1: left promiscuous mode [ 334.265658][ T1122] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.349661][ T1122] bridge_slave_0: left allmulticast mode [ 334.349695][ T1122] bridge_slave_0: left promiscuous mode [ 334.349951][ T1122] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.107081][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 337.195661][ T1122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.232665][ T1122] bond0 (unregistering): Released all slaves [ 337.587844][ T1122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 337.655563][ T1122] bond0 (unregistering): Released all slaves [ 338.336968][ T7336] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 338.623740][ T6033] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 340.515981][ T5837] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 340.547868][ T6033] usb 5-1: Using ep0 maxpacket: 8 [ 340.551527][ T6033] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 340.551554][ T6033] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 340.551576][ T6033] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 340.551597][ T6033] usb 5-1: config 250 has no interface number 0 [ 340.551649][ T6033] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 340.551677][ T6033] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 340.551702][ T6033] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26 [ 340.551727][ T6033] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 340.551755][ T6033] usb 5-1: config 250 interface 228 has no altsetting 0 [ 340.555578][ T6033] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 340.555606][ T6033] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 340.555626][ T6033] usb 5-1: Product: syz [ 340.555641][ T6033] usb 5-1: SerialNumber: syz [ 340.734985][ T6033] hub 5-1:250.228: bad descriptor, ignoring hub [ 340.735016][ T6033] hub 5-1:250.228: probe with driver hub failed with error -5 [ 340.996253][ T6033] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 13 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 341.041298][ T7356] netlink: 12 bytes leftover after parsing attributes in process `syz.0.383'. [ 341.328607][ T6088] usb 5-1: USB disconnect, device number 13 [ 341.334578][ T6088] usblp0: removed [ 341.434997][ T5954] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 341.635657][ T5954] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 341.635687][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.635707][ T5954] usb 4-1: Product: syz [ 341.635721][ T5954] usb 4-1: Manufacturer: syz [ 341.635735][ T5954] usb 4-1: SerialNumber: syz [ 341.646570][ T5954] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 341.899333][ T5848] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 341.941083][ T1122] hsr_slave_0: left promiscuous mode [ 341.962626][ T1122] hsr_slave_1: left promiscuous mode [ 341.964426][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.964455][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 342.005183][ T1122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 342.005216][ T1122] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 343.113633][ T5848] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 343.114152][ T5848] ath9k_htc: Failed to initialize the device [ 343.409502][ T7381] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 343.586698][ T7383] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 346.333716][ T9] usb 4-1: USB disconnect, device number 4 [ 346.424153][ T9] usb 4-1: ath9k_htc: USB layer deinitialized [ 346.435171][ T1122] veth1_macvtap: left promiscuous mode [ 346.435296][ T1122] veth0_macvtap: left promiscuous mode [ 346.435635][ T1122] veth1_vlan: left promiscuous mode [ 346.435850][ T1122] veth0_vlan: left promiscuous mode [ 346.802282][ T44] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 346.982686][ T44] usb 5-1: Using ep0 maxpacket: 32 [ 346.987439][ T44] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 346.987467][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.018305][ T44] usb 5-1: config 0 descriptor?? [ 347.248709][ T44] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 347.267997][ T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 347.270405][ T44] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 347.270521][ T44] usb 5-1: media controller created [ 347.342885][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.477832][ T44] az6027: usb out operation failed. (-71) [ 347.478257][ T44] az6027: usb out operation failed. (-71) [ 347.478270][ T44] stb0899_attach: Driver disabled by Kconfig [ 347.478279][ T44] az6027: no front-end attached [ 347.478279][ T44] [ 347.478682][ T44] az6027: usb out operation failed. (-71) [ 347.478704][ T44] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 347.481936][ T44] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6 [ 347.543190][ T44] dvb-usb: schedule remote query interval to 400 msecs. [ 347.543214][ T44] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 347.571097][ T44] usb 5-1: USB disconnect, device number 14 [ 347.768574][ T44] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 347.964225][ T37] audit: type=1326 audit(1757554051.902:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7404 comm="syz.0.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 347.964286][ T37] audit: type=1326 audit(1757554051.902:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7404 comm="syz.0.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 347.964324][ T37] audit: type=1326 audit(1757554051.902:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7404 comm="syz.0.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 347.964359][ T37] audit: type=1326 audit(1757554051.912:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7404 comm="syz.0.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f947ea7eba9 code=0x7ffc0000 [ 349.082899][ T7421] ALSA: mixer_oss: invalid OSS volume 'PHOõfiЧaEEAKER' [ 349.083813][ T7421] ALSA: mixer_oss: invalid OSS volume 'Â' [ 349.259618][ T1897] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 349.446389][ T1897] usb 1-1: Using ep0 maxpacket: 8 [ 349.448955][ T1897] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 349.448985][ T1897] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 349.449009][ T1897] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 349.449032][ T1897] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 349.449073][ T1897] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 349.449095][ T1897] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.716923][ T1897] usb 1-1: GET_CAPABILITIES returned 0 [ 349.716975][ T1897] usbtmc 1-1:16.0: can't read capabilities [ 349.948876][ T5848] usb 1-1: USB disconnect, device number 4 [ 350.286508][ T1122] team0 (unregistering): Port device team_slave_1 removed [ 350.681927][ T1122] team0 (unregistering): Port device team_slave_0 removed [ 351.284741][ T7447] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 354.240850][ T6912] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 354.918308][ T6912] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 355.318433][ T6912] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 355.904864][ T6914] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 356.037913][ T6914] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 356.089415][ T6914] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 356.163452][ T6914] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 356.281460][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 356.299684][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 356.301011][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 356.333895][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 356.352451][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 356.485538][ T5848] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 356.653348][ T5848] usb 5-1: Using ep0 maxpacket: 16 [ 356.660972][ T5848] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 356.661000][ T5848] usb 5-1: config 0 has no interface number 0 [ 356.661046][ T5848] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 356.661071][ T5848] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 356.665311][ T5848] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 356.665339][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 356.665359][ T5848] usb 5-1: Product: syz [ 356.665373][ T5848] usb 5-1: SerialNumber: syz [ 356.680075][ T5848] usb 5-1: config 0 descriptor?? [ 356.726963][ T5848] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 356.730215][ T5848] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input7 [ 356.958604][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 357.187134][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.189141][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.189496][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.189756][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.191074][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.191824][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.192072][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.192351][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.192598][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.192716][ T1897] usb 5-1: USB disconnect, device number 15 [ 357.192847][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 357.192869][ C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 357.351481][ T1897] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 357.836838][ T6914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 358.052104][ T6914] 8021q: adding VLAN 0 to HW filter on device team0 [ 358.086350][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.086574][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 358.148318][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.148472][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.304649][ T7492] chnl_net:caif_netlink_parms(): no params data found [ 358.570258][ T5157] Bluetooth: hci2: command tx timeout [ 358.676839][ T6033] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 358.861132][ T6033] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 358.861196][ T6033] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.861222][ T6033] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.861244][ T6033] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 358.863741][ T6033] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 358.863769][ T6033] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 358.863790][ T6033] usb 4-1: Manufacturer: syz [ 358.880307][ T6033] usb 4-1: config 0 descriptor?? [ 359.430822][ T7492] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.431708][ T7492] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.431954][ T7492] bridge_slave_0: entered allmulticast mode [ 359.434714][ T7492] bridge_slave_0: entered promiscuous mode [ 359.456917][ T6033] appleir 0003:05AC:8243.0003: item fetching failed at offset 0/1 [ 359.457859][ T6033] appleir 0003:05AC:8243.0003: parse failed [ 359.457966][ T6033] appleir 0003:05AC:8243.0003: probe with driver appleir failed with error -22 [ 359.518632][ T7492] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.518886][ T7492] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.519113][ T7492] bridge_slave_1: entered allmulticast mode [ 359.533404][ T7492] bridge_slave_1: entered promiscuous mode [ 359.677285][ T31] usb 4-1: USB disconnect, device number 5 [ 359.988287][ T7492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.118155][ T7492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.290902][ T44] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 360.454774][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 360.454824][ T44] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 360.454847][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.463991][ T44] usb 1-1: config 0 descriptor?? [ 360.466091][ T7568] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 360.743386][ T7492] team0: Port device team_slave_0 added [ 360.763615][ T7492] team0: Port device team_slave_1 added [ 360.782637][ T5157] Bluetooth: hci2: command tx timeout [ 360.980611][ T44] elan 0003:04F3:0755.0004: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 361.060599][ T31] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 361.148820][ T9] usb 1-1: USB disconnect, device number 5 [ 361.226069][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 361.226103][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 361.226125][ T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 361.226164][ T31] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 361.226187][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.289050][ T31] usb 4-1: config 0 descriptor?? [ 361.409437][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 361.409454][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.409479][ T7492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.414214][ T7492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.414229][ T7492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.414253][ T7492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.811225][ T31] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 362.081536][ T6033] usb 4-1: USB disconnect, device number 6 [ 362.140108][ T31] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 362.149315][ T7597] geneve1: entered promiscuous mode [ 362.204378][ T7597] geneve1: left promiscuous mode [ 362.303414][ T31] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 362.303447][ T31] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 362.303472][ T31] usb 1-1: config 1 interface 0 has no altsetting 0 [ 362.307615][ T31] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 362.307644][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.307664][ T31] usb 1-1: Product: syz [ 362.307678][ T31] usb 1-1: Manufacturer: syz [ 362.307692][ T31] usb 1-1: SerialNumber: syz [ 362.353020][ T5837] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 362.365785][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 362.367064][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 362.369529][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 362.371849][ T5837] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 362.426866][ T7595] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 362.427007][ T7595] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 362.965059][ T7492] hsr_slave_0: entered promiscuous mode [ 362.968618][ T7492] hsr_slave_1: entered promiscuous mode [ 362.970557][ T7492] debugfs: 'hsr0' already exists in 'hsr' [ 362.970583][ T7492] Cannot create hsr debugfs directory [ 363.006775][ T5837] Bluetooth: hci2: command tx timeout [ 363.581388][ T31] (unnamed net_device) (uninitialized): Assigned a random MAC address: 7a:30:57:60:84:87 [ 364.620109][ T5837] Bluetooth: hci3: command tx timeout [ 365.235685][ T5837] Bluetooth: hci2: command tx timeout [ 366.768748][ T5837] Bluetooth: hci3: command tx timeout [ 368.996399][ T5837] Bluetooth: hci3: command tx timeout [ 375.063523][ T5837] Bluetooth: hci3: command tx timeout [ 378.333497][ C1] sched: DL replenish lagged too much [ 396.201416][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 396.201491][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 417.160344][ T5157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 417.163756][ T5157] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 417.190713][ T5157] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 417.192053][ T5157] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 417.192928][ T5157] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 417.262444][ T5157] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 417.283100][ T5157] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 417.284343][ T5157] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 417.285715][ T5157] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 417.309753][ T5157] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 417.458343][ T5157] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 417.484947][ T5157] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 417.486155][ T5157] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 417.487354][ T5157] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 417.488146][ T5157] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 419.445928][ T5837] Bluetooth: hci5: command tx timeout [ 419.531096][ T5157] Bluetooth: hci6: command tx timeout [ 419.713222][ T5157] Bluetooth: hci7: command tx timeout [ 420.419332][ T5837] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 420.439215][ T5837] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 420.449221][ T5837] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 420.469929][ T5837] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 420.470858][ T5837] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 421.669079][ T5837] Bluetooth: hci5: command tx timeout [ 421.754507][ T5837] Bluetooth: hci6: command tx timeout [ 421.925484][ T5837] Bluetooth: hci7: command tx timeout [ 422.695249][ T5837] Bluetooth: hci8: command tx timeout [ 423.892367][ T5837] Bluetooth: hci5: command tx timeout [ 423.977871][ T5837] Bluetooth: hci6: command tx timeout [ 424.159408][ T5837] Bluetooth: hci7: command tx timeout [ 424.918722][ T5837] Bluetooth: hci8: command tx timeout [ 426.126698][ T5837] Bluetooth: hci5: command tx timeout [ 426.211793][ T5837] Bluetooth: hci6: command tx timeout [ 426.372478][ T5837] Bluetooth: hci7: command tx timeout [ 426.870026][ T5157] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 426.887557][ T5157] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 426.888773][ T5157] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 426.890273][ T5157] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 426.891065][ T5157] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 427.152682][ T5157] Bluetooth: hci8: command tx timeout [ 429.376154][ T5157] Bluetooth: hci8: command tx timeout [ 432.361681][ T31] rtl8150 1-1:1.0: eth10: rtl8150 is detected [ 432.403503][ T31] usb 1-1: USB disconnect, device number 6 [ 434.410705][ T5157] Bluetooth: hci0: command tx timeout [ 436.645219][ T5157] Bluetooth: hci0: command tx timeout [ 438.857210][ T5157] Bluetooth: hci0: command tx timeout [ 441.080675][ T5157] Bluetooth: hci0: command tx timeout [ 461.876634][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 461.876712][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 481.729611][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 481.753912][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 481.755271][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 481.756620][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 481.757517][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 481.922971][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 481.942283][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 481.943600][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 481.944971][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 481.968274][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 482.063484][ T5157] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 482.081723][ T5157] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 482.083030][ T5157] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 482.084223][ T5157] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 482.118417][ T5157] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 484.009028][ T5157] Bluetooth: hci1: command tx timeout [ 484.180092][ T5157] Bluetooth: hci2: command tx timeout [ 484.351187][ T5157] Bluetooth: hci4: command tx timeout [ 485.483869][ T5837] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 485.493316][ T5837] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 485.494549][ T5837] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 485.517086][ T5837] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 485.518227][ T5837] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 486.232647][ T5157] Bluetooth: hci1: command tx timeout [ 486.403510][ T5157] Bluetooth: hci2: command tx timeout [ 486.574386][ T5157] Bluetooth: hci4: command tx timeout [ 487.771840][ T5157] Bluetooth: hci9: command tx timeout [ 488.455877][ T5157] Bluetooth: hci1: command tx timeout [ 488.626812][ T5157] Bluetooth: hci2: command tx timeout [ 488.797691][ T5157] Bluetooth: hci4: command tx timeout [ 489.995184][ T5157] Bluetooth: hci9: command tx timeout [ 490.679283][ T5157] Bluetooth: hci1: command tx timeout [ 490.850312][ T5157] Bluetooth: hci2: command tx timeout [ 491.021208][ T5157] Bluetooth: hci4: command tx timeout [ 492.073070][ T5837] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 492.075913][ T5837] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 492.077420][ T5837] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 492.078617][ T5837] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 492.109252][ T5837] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 492.218535][ T5837] Bluetooth: hci9: command tx timeout [ 494.356246][ T5837] Bluetooth: hci10: command tx timeout [ 494.441861][ T5837] Bluetooth: hci9: command tx timeout [ 496.579653][ T5837] Bluetooth: hci10: command tx timeout [ 496.932628][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 498.813696][ T5837] Bluetooth: hci10: command tx timeout [ 501.026450][ T5837] Bluetooth: hci10: command tx timeout [ 527.549363][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 527.549442][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 546.416952][ T5837] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 546.437600][ T5837] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 546.440439][ T5837] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 546.441737][ T5837] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 546.442651][ T5837] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 546.574786][ T7681] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 546.577824][ T7681] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 546.579068][ T7681] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 546.580224][ T7681] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 546.581006][ T7681] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 546.699359][ T59] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 546.722857][ T59] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 546.733492][ T59] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 546.743123][ T59] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 546.743965][ T59] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 551.135624][ T7690] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 551.190473][ T7690] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 551.199830][ T7690] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 551.201143][ T7690] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 551.217356][ T7690] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 557.365547][ T7698] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 557.393769][ T7698] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 557.395037][ T7698] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 557.396987][ T7698] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 557.397771][ T7698] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 568.082145][ T7685] Bluetooth: hci0: command 0x0406 tx timeout [ 593.237494][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 593.237575][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 606.275716][ T5837] Bluetooth: hci11: command tx timeout [ 608.433202][ T7685] Bluetooth: hci15: command tx timeout [ 608.433586][ T7685] Bluetooth: hci12: command tx timeout [ 608.433744][ T7685] Bluetooth: hci13: command tx timeout [ 608.433876][ T7685] Bluetooth: hci11: command tx timeout [ 608.465059][ T7690] Bluetooth: hci14: command tx timeout [ 610.656433][ T59] Bluetooth: hci13: command tx timeout [ 610.656464][ T59] Bluetooth: hci11: command tx timeout [ 610.656485][ T59] Bluetooth: hci15: command tx timeout [ 610.656505][ T59] Bluetooth: hci12: command tx timeout [ 610.656733][ T7690] Bluetooth: hci14: command tx timeout [ 610.715261][ T5157] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 610.737548][ T5157] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 610.738936][ T5157] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 610.740294][ T5157] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 610.741211][ T5157] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 610.904426][ T7690] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 610.924954][ T7690] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 610.926219][ T7690] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 610.927416][ T7690] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 610.928465][ T7690] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 610.986561][ T5157] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 611.019917][ T5157] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 611.021212][ T5157] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 611.022787][ T5157] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 611.023607][ T5157] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 612.879665][ T7690] Bluetooth: hci14: command tx timeout [ 612.879697][ T7690] Bluetooth: hci12: command tx timeout [ 612.879718][ T7690] Bluetooth: hci15: command tx timeout [ 612.879738][ T7690] Bluetooth: hci11: command tx timeout [ 612.879757][ T7690] Bluetooth: hci13: command tx timeout [ 612.965537][ T7690] Bluetooth: hci5: command tx timeout [ 613.136234][ T7690] Bluetooth: hci6: command tx timeout [ 613.224931][ T7690] Bluetooth: hci7: command tx timeout [ 615.115749][ T59] Bluetooth: hci13: command tx timeout [ 615.115782][ T59] Bluetooth: hci15: command tx timeout [ 615.115804][ T59] Bluetooth: hci12: command tx timeout [ 615.115825][ T59] Bluetooth: hci14: command tx timeout [ 615.190109][ T5157] Bluetooth: hci5: command tx timeout [ 615.370339][ T5157] Bluetooth: hci6: command tx timeout [ 615.445255][ T5157] Bluetooth: hci7: command tx timeout [ 616.705014][ T7681] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 616.733381][ T7681] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 616.734747][ T7681] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 616.735909][ T7681] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 616.736713][ T7681] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 617.326604][ T7681] Bluetooth: hci4: command 0x0406 tx timeout [ 617.326885][ T7681] Bluetooth: hci9: command 0x0406 tx timeout [ 617.326979][ T7681] Bluetooth: hci2: command 0x0406 tx timeout [ 617.327067][ T7681] Bluetooth: hci1: command 0x0406 tx timeout [ 617.416345][ T5157] Bluetooth: hci5: command tx timeout [ 617.583108][ T5157] Bluetooth: hci6: command tx timeout [ 617.668637][ T5157] Bluetooth: hci7: command tx timeout [ 618.951293][ T5157] Bluetooth: hci8: command tx timeout [ 619.635589][ T5157] Bluetooth: hci5: command tx timeout [ 619.812616][ T5157] Bluetooth: hci6: command tx timeout [ 619.892175][ T5157] Bluetooth: hci7: command tx timeout [ 621.174690][ T5157] Bluetooth: hci8: command tx timeout [ 622.418962][ T5837] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 622.439486][ T5837] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 622.440979][ T5837] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 622.442165][ T5837] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 622.442938][ T5837] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 622.810888][ T5157] Bluetooth: hci10: command 0x0406 tx timeout [ 623.398050][ T5157] Bluetooth: hci8: command tx timeout [ 625.621607][ T5157] Bluetooth: hci8: command tx timeout [ 638.373887][ T38] INFO: task kworker/u8:1:13 blocked for more than 143 seconds. [ 638.373916][ T38] Not tainted syzkaller #0 [ 638.373927][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.373939][ T38] task:kworker/u8:1 state:D stack:20088 pid:13 tgid:13 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 638.373987][ T38] Workqueue: ipv6_addrconf addrconf_dad_work [ 638.374026][ T38] Call Trace: [ 638.374032][ T38] [ 638.374046][ T38] __schedule+0x16f3/0x4c20 [ 638.374101][ T38] ? __pfx___schedule+0x10/0x10 [ 638.374145][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.374176][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.374196][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.374219][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 638.374259][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.374284][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.374307][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.374340][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.374371][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.374407][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 638.374425][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.374452][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 638.374475][ T38] addrconf_dad_work+0x119/0x15a0 [ 638.374499][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.374531][ T38] ? __pfx_addrconf_dad_work+0x10/0x10 [ 638.374551][ T38] ? process_scheduled_works+0x9ef/0x17b0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 638.374581][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.374607][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.374643][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.374668][ T38] process_scheduled_works+0xade/0x17b0 [ 638.374721][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 638.374763][ T38] worker_thread+0x8a0/0xda0 [ 638.374815][ T38] kthread+0x70e/0x8a0 [ 638.374845][ T38] ? __pfx_worker_thread+0x10/0x10 [ 638.374868][ T38] ? __pfx_kthread+0x10/0x10 [ 638.374900][ T38] ? __pfx_kthread+0x10/0x10 [ 638.374927][ T38] ret_from_fork+0x3f9/0x770 [ 638.374954][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 638.374985][ T38] ? __switch_to_asm+0x39/0x70 [ 638.375003][ T38] ? __switch_to_asm+0x33/0x70 [ 638.375019][ T38] ? __pfx_kthread+0x10/0x10 [ 638.375048][ T38] ret_from_fork_asm+0x1a/0x30 [ 638.375083][ T38] [ 638.375133][ T38] INFO: task kworker/u8:7:1122 blocked for more than 143 seconds. [ 638.375147][ T38] Not tainted syzkaller #0 [ 638.375156][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.375164][ T38] task:kworker/u8:7 state:D stack:22744 pid:1122 tgid:1122 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 638.375211][ T38] Workqueue: netns cleanup_net [ 638.375235][ T38] Call Trace: [ 638.375241][ T38] [ 638.375254][ T38] __schedule+0x16f3/0x4c20 [ 638.375306][ T38] ? __pfx___schedule+0x10/0x10 [ 638.375351][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.375380][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.375399][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.375422][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 638.375462][ T38] rt_mutex_slowlock+0x2b1/[ 638.375462][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.375487][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.375510][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.375543][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.375573][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.375610][ T38] ? rtnl_net_dev_lock+0x257/0x2f0 [ 638.375641][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.375662][ T38] ? rtnl_net_dev_lock+0x257/0x2f0 [ 638.375688][ T38] ? rtnl_net_dev_lock+0x36/0x2f0 [ 638.375713][ T38] rtnl_net_dev_lock+0x257/0x2f0 [ 638.375741][ T38] register_netdevice_notifier_dev_net+0x33/0x240 [ 638.375774][ T38] nsim_create+0xd4d/0xf20 [ 638.375806][ T38] __nsim_dev_port_add+0x6b6/0xb10 [ 638.375841][ T38] ? __pfx___nsim_dev_port_add+0x10/0x10 [ 638.375866][ T38] ? queue_delayed_work_on+0x1f7/0x280 [ 638.375895][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.375944][ T38] nsim_dev_port_add_all+0x37/0xf0 [ 638.375971][ T38] nsim_dev_reload_up+0x451/0x780 [ 638.376003][ T38] ? __pfx_nsim_dev_reload_up+0x10/0x10 [ 638.376042][ T38] devlink_reload+0x4f5/0x8d0 [ 638.376076][ T38] ? __pfx_devlink_reload+0x10/0x10 [ 638.376095][ T38] ? xa_get_mark+0x70f/0x7b0 [ 638.376128][ T38] devlink_pernet_pre_exit+0x1d9/0x3d0 [ 638.376151][ T38] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 638.376179][ T38] ? class_remove_file_ns+0x124/0x160 [ 638.376207][ T38] ops_undo_list+0x184/0x990 [ 638.376240][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 638.376277][ T38] cleanup_net+0x4cb/0x800 [ 638.376306][ T38] ? __pfx_cleanup_net+0x10/0x10 [ 638.376335][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.376361][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.376383][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.376408][ T38] process_scheduled_works+0xade/0x17b0 [ 638.376462][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 638.376504][ T38] worker_thread+0x8a0/0xda0 [ 638.376531][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.376566][ T38] ? __kthread_parkme+0x7b/0x200 [ 638.376600][ T38] kthread+0x70e/0x8a0 [ 638.376635][ T38] ? __pfx_worker_thread+0x10/0x10 [ 638.376657][ T38] ? __pfx_kthread+0x10/0x10 [ 638.376690][ T38] ? __pfx_kthread+0x10/0x10 [ 638.376718][ T38] ret_from_fork+0x3f9/0x770 [ 638.376745][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 638.376775][ T38] ? __switch_to_asm+0x39/0x70 [ 638.376792][ T38] ? __switch_to_asm+0x33/0x70 [ 638.376809][ T38] ? __pfx_kthread+0x10/0x10 [ 638.376836][ T38] ret_from_fork_asm+0x1a/0x30 [ 638.376871][ T38] [ 638.376952][ T38] INFO: task kworker/u8:15:6090 blocked for more than 143 seconds. [ 638.376966][ T38] Not tainted syzkaller #0 [ 638.376975][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.376983][ T38] task:kworker/u8:15 state:D stack:22384 pid:6090 tgid:6090 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 638.377029][ T38] Workqueue: events_unbound linkwatch_event [ 638.377049][ T38] Call Trace: [ 638.377055][ T38] [ 638.377067][ T38] __schedule+0x16f3/0x4c20 [ 638.377119][ T38] ? __pfx___schedule+0x10/0x10 [ 638.377164][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.377194][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.377212][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.377235][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 638.377275][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.377300][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.377324][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.377357][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 638.377391][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.377419][ T38] ? linkwatch_event+0xe/0x60 [ 638.377436][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.377457][ T38] ? linkwatch_event+0xe/0x60 [ 638.377475][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 638.377500][ T38] linkwatch_event+0xe/0x60 [ 638.377517][ T38] process_scheduled_works+0xade/0x17b0 [ 638.377571][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 638.377613][ T38] worker_thread+0x8a0/0xda0 [ 638.377670][ T38] kthread+0x70e/0x8a0 [ 638.377700][ T38] ? __pfx_worker_thread+0x10/0x10 [ 638.377723][ T38] ? __pfx_kthread+0x10/0x10 [ 638.377756][ T38] ? __pfx_kthread+0x10/0x10 [ 638.377783][ T38] ret_from_fork+0x3f9/0x770 [ 638.377810][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 638.377841][ T38] ? __switch_to_asm+0x39/0x70 [ 638.377858][ T38] ? __switch_to_asm+0x33/0x70 [ 638.377875][ T38] ? __pfx_kthread+0x10/0x10 [ 638.377903][ T38] ret_from_fork_asm+0x1a/0x30 [ 638.377938][ T38] [ 638.377951][ T38] INFO: task syz.3.334:7239 blocked for more than 143 seconds. [ 638.377964][ T38] Not tainted syzkaller #0 [ 638.377973][ T38] Blocked by coredump. [ 638.377979][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.377987][ T38] task:syz.3.334 state:D stack:25704 pid:7239 tgid:7239 ppid:5834 task_flags:0x40044c flags:0x00004006 [ 638.378033][ T38] Call Trace: [ 638.378039][ T38] [ 638.378051][ T38] __schedule+0x16f3/0x4c20 [ 638.378100][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.378124][ T38] ? __pfx___schedule+0x10/0x10 [ 638.378167][ T38] ? schedule+0x91/0x360 [ 638.378196][ T38] schedule+0x165/0x360 [ 638.378223][ T38] schedule_timeout+0x9a/0x270 [ 638.378248][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 638.378285][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.378311][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.378335][ T38] ? wait_for_completion+0x267/0x5d0 [ 638.378364][ T38] wait_for_completion+0x2bf/0x5d0 [ 638.378403][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 638.378437][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 638.378464][ T38] rcu_barrier+0x463/0x570 [ 638.378492][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 638.378520][ T38] netdev_run_todo+0x327/0xea0 [ 638.378544][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 638.378568][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 638.378586][ T38] ? kasan_quarantine_put+0xdd/0x220 [ 638.378608][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.378648][ T38] ? netdev_state_change+0x1ca/0x220 [ 638.378675][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 638.378702][ T38] tun_chr_close+0x13f/0x1c0 [ 638.378730][ T38] __fput+0x45b/0xa80 [ 638.378762][ T38] task_work_run+0x1d4/0x260 [ 638.378785][ T38] ? __pfx_task_work_run+0x10/0x10 [ 638.378805][ T38] ? do_exit+0x6b0/0x2300 [ 638.378821][ T38] ? kmem_cache_free+0x195/0x510 [ 638.378853][ T38] do_exit+0x6b5/0x2300 [ 638.378870][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.378903][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.378929][ T38] ? __pfx_do_exit+0x10/0x10 [ 638.378944][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 638.378969][ T38] ? rt_spin_lock+0x1bb/0x2c0 [ 638.379002][ T38] do_group_exit+0x21c/0x2d0 [ 638.379026][ T38] get_signal+0x125e/0x1310 [ 638.379073][ T38] arch_do_signal_or_restart+0x9a/0x750 [ 638.379096][ T38] ? __pfx_get_timespec64+0x10/0x10 [ 638.379125][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 638.379163][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 638.379191][ T38] exit_to_user_mode_loop+0x75/0x110 [ 638.379216][ T38] do_syscall_64+0x2bd/0x3b0 [ 638.379233][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.379259][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.379278][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.379301][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.379325][ T38] RIP: 0033:0x7ff686231465 [ 638.379346][ T38] RSP: 002b:00007ff684465f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 638.379364][ T38] RAX: fffffffffffffdfc RBX: 00007ff686445fa0 RCX: 00007ff686231465 [ 638.379378][ T38] RDX: 00007ff684465fc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 638.379390][ T38] RBP: 00007ff686281e19 R08: 0000000000000000 R09: 0000000000000000 [ 638.379402][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 638.379414][ T38] R13: 00007ff686446038 R14: 00007ff686445fa0 R15: 00007ffd6a231ce8 [ 638.379445][ T38] [ 638.379458][ T38] INFO: task syz-executor:7598 blocked for more than 143 seconds. [ 638.379471][ T38] Not tainted syzkaller #0 [ 638.379480][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.379488][ T38] task:syz-executor state:D stack:25032 pid:7598 tgid:7598 ppid:1 task_flags:0x400140 flags:0x00004006 [ 638.379542][ T38] Call Trace: [ 638.379548][ T38] [ 638.379559][ T38] __schedule+0x16f3/0x4c20 [ 638.379613][ T38] ? __pfx___schedule+0x10/0x10 [ 638.379663][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.379693][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.379711][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.379734][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 638.379774][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.379799][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.379823][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.379844][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.379878][ T38] ? ops_undo_list+0x2a4/0x990 [ 638.379907][ T38] ? synchronize_rcu+0x11a/0x310 [ 638.379925][ T38] ? __pfx_synchronize_rcu+0x10/0x10 [ 638.379950][ T38] ? ops_undo_list+0x2a4/0x990 [ 638.379974][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.380001][ T38] ops_undo_list+0x2a4/0x990 [ 638.380034][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 638.380057][ T38] ? ops_init+0x469/0x5c0 [ 638.380092][ T38] setup_net+0x2d3/0x320 [ 638.380120][ T38] ? __pfx_setup_net+0x10/0x10 [ 638.380147][ T38] ? __mutex_rt_init+0x3b/0x50 [ 638.380173][ T38] copy_net_ns+0x31b/0x4d0 [ 638.380202][ T38] create_new_namespaces+0x3f3/0x720 [ 638.380230][ T38] ? security_capable+0x7e/0x2e0 [ 638.380265][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 638.380292][ T38] ksys_unshare+0x4c8/0x8c0 [ 638.380325][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 638.380353][ T38] ? rt_spin_unlock+0x65/0x80 [ 638.380387][ T38] __x64_sys_unshare+0x38/0x50 [ 638.380413][ T38] do_syscall_64+0xfa/0x3b0 [ 638.380430][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.380456][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.380474][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.380498][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.380516][ T38] RIP: 0033:0x7fd532d203a7 [ 638.380531][ T38] RSP: 002b:00007ffc845ed188 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 638.380549][ T38] RAX: ffffffffffffffda RBX: 00007fd532f65f40 RCX: 00007fd532d203a7 [ 638.380563][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 638.380575][ T38] RBP: 00007fd532f667b8 R08: 0000000000000000 R09: 0000000000000000 [ 638.380587][ T38] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 638.380598][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 638.380632][ T38] [ 638.380643][ T38] INFO: task syz-executor:7651 blocked for more than 143 seconds. [ 638.380655][ T38] Not tainted syzkaller #0 [ 638.380665][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.380673][ T38] task:syz-executor state:D stack:26344 pid:7651 tgid:7651 ppid:1 task_flags:0x400140 flags:0x00004004 [ 638.380720][ T38] Call Trace: [ 638.380726][ T38] [ 638.380738][ T38] __schedule+0x16f3/0x4c20 [ 638.380783][ T38] ? __kernel_text_address+0xd/0x40 [ 638.380813][ T38] ? __pfx___schedule+0x10/0x10 [ 638.380858][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.380887][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.380905][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.380928][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 638.380968][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.380993][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.381016][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.381049][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.381079][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 638.381107][ T38] ? bpf_lsm_capable+0x9/0x20 [ 638.381130][ T38] ? security_capable+0x7e/0x2e0 [ 638.381160][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 638.381182][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.381203][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 638.381231][ T38] rtnl_newlink+0x8db/0x1c70 [ 638.381264][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381290][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 638.381324][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381355][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381391][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381436][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 638.381467][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 638.381491][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 638.381525][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381581][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 638.381605][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 638.381634][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381659][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 638.381683][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.381725][ T38] netlink_rcv_skb+0x205/0x470 [ 638.381750][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.381773][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.381800][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 638.381838][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 638.381871][ T38] netlink_unicast+0x843/0xa10 [ 638.381904][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 638.381930][ T38] ? netlink_sendmsg+0x642/0xb30 [ 638.381952][ T38] ? skb_put+0x11b/0x210 [ 638.381983][ T38] netlink_sendmsg+0x805/0xb30 [ 638.382019][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.382053][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 638.382072][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.382098][ T38] __sock_sendmsg+0x219/0x270 [ 638.382126][ T38] __sys_sendto+0x3c7/0x520 [ 638.382156][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 638.382196][ T38] ? fput_close_sync+0x119/0x200 [ 638.382229][ T38] ? __pfx_fput_close_sync+0x10/0x10 [ 638.382249][ T38] ? rt_spin_unlock+0x65/0x80 [ 638.382278][ T38] __x64_sys_sendto+0xde/0x100 [ 638.382309][ T38] do_syscall_64+0xfa/0x3b0 [ 638.382325][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.382351][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.382369][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.382393][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.382411][ T38] RIP: 0033:0x7ff743a10a3c [ 638.382426][ T38] RSP: 002b:00007ffff349c8b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 638.382444][ T38] RAX: ffffffffffffffda RBX: 00007ff744784620 RCX: 00007ff743a10a3c [ 638.382458][ T38] RDX: 000000000000002c RSI: 00007ff744784670 RDI: 0000000000000003 [ 638.382470][ T38] RBP: 0000000000000000 R08: 00007ffff349c904 R09: 000000000000000c [ 638.382487][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 638.382499][ T38] R13: 0000000000000000 R14: 00007ff744784670 R15: 0000000000000000 [ 638.382528][ T38] [ 638.382536][ T38] INFO: task syz-executor:7656 blocked for more than 143 seconds. [ 638.382549][ T38] Not tainted syzkaller #0 [ 638.382558][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.382566][ T38] task:syz-executor state:D stack:26952 pid:7656 tgid:7656 ppid:1 task_flags:0x400140 flags:0x00004004 [ 638.382613][ T38] Call Trace: [ 638.382619][ T38] [ 638.382637][ T38] __schedule+0x16f3/0x4c20 [ 638.382689][ T38] ? __pfx___schedule+0x10/0x10 [ 638.382734][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.382764][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.382782][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.382805][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 638.382845][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.382870][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.382893][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.382913][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.382949][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.382977][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 638.383006][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.383024][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.383052][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 638.383083][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.383123][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.383143][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 638.383167][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.383192][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 638.383216][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.383260][ T38] netlink_rcv_skb+0x205/0x470 [ 638.383282][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.383307][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.383333][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 638.383371][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 638.383404][ T38] netlink_unicast+0x843/0xa10 [ 638.383438][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 638.383463][ T38] ? netlink_sendmsg+0x642/0xb30 [ 638.383486][ T38] ? skb_put+0x11b/0x210 [ 638.383516][ T38] netlink_sendmsg+0x805/0xb30 [ 638.383551][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.383586][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 638.383616][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.383648][ T38] __sock_sendmsg+0x219/0x270 [ 638.383674][ T38] __sys_sendto+0x3c7/0x520 [ 638.383703][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 638.383762][ T38] ? exc_page_fault+0x76/0xf0 [ 638.383793][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 638.383821][ T38] __x64_sys_sendto+0xde/0x100 [ 638.383852][ T38] do_syscall_64+0xfa/0x3b0 [ 638.383869][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.383894][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.383913][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.383936][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.383955][ T38] RIP: 0033:0x7fe388330a3c [ 638.383969][ T38] RSP: 002b:00007ffec841f150 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 638.383988][ T38] RAX: ffffffffffffffda RBX: 00007fe3890a4620 RCX: 00007fe388330a3c [ 638.384002][ T38] RDX: 0000000000000028 RSI: 00007fe3890a4670 RDI: 0000000000000003 [ 638.384013][ T38] RBP: 0000000000000000 R08: 00007ffec841f1a4 R09: 000000000000000c [ 638.384026][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 638.384037][ T38] R13: 0000000000000000 R14: 00007fe3890a4670 R15: 0000000000000000 [ 638.384067][ T38] [ 638.384074][ T38] INFO: task syz-executor:7658 blocked for more than 143 seconds. [ 638.384087][ T38] Not tainted syzkaller #0 [ 638.384096][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.384105][ T38] task:syz-executor state:D stack:26952 pid:7658 tgid:7658 ppid:1 task_flags:0x400140 flags:0x00004004 [ 638.384152][ T38] Call Trace: [ 638.384158][ T38] [ 638.384170][ T38] __schedule+0x16f3/0x4c20 [ 638.384221][ T38] ? __pfx___schedule+0x10/0x10 [ 638.384276][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.644577][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.644607][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.644632][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 638.644673][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.644698][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.644722][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.644742][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.644778][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.644807][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 638.644835][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.644859][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.644887][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 638.644918][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.644958][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.644978][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 638.645004][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.645030][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 638.645054][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.645097][ T38] netlink_rcv_skb+0x205/0x470 [ 638.645122][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.645146][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.645174][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 638.645211][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 638.645245][ T38] netlink_unicast+0x843/0xa10 [ 638.645278][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 638.645304][ T38] ? netlink_sendmsg+0x642/0xb30 [ 638.645327][ T38] ? skb_put+0x11b/0x210 [ 638.645358][ T38] netlink_sendmsg+0x805/0xb30 [ 638.645394][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.645429][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 638.645448][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.645474][ T38] __sock_sendmsg+0x219/0x270 [ 638.645501][ T38] __sys_sendto+0x3c7/0x520 [ 638.645532][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 638.645586][ T38] ? exc_page_fault+0x76/0xf0 [ 638.645616][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 638.645645][ T38] __x64_sys_sendto+0xde/0x100 [ 638.645676][ T38] do_syscall_64+0xfa/0x3b0 [ 638.645693][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.645719][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.645738][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.645761][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.645780][ T38] RIP: 0033:0x7f9b10c70a3c [ 638.645796][ T38] RSP: 002b:00007fff4e6c3a10 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 638.645816][ T38] RAX: ffffffffffffffda RBX: 00007f9b119e4620 RCX: 00007f9b10c70a3c [ 638.645830][ T38] RDX: 0000000000000028 RSI: 00007f9b119e4670 RDI: 0000000000000003 [ 638.645843][ T38] RBP: 0000000000000000 R08: 00007fff4e6c3a64 R09: 000000000000000c [ 638.645862][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 638.645873][ T38] R13: 0000000000000000 R14: 00007f9b119e4670 R15: 0000000000000000 [ 638.645903][ T38] [ 638.645915][ T38] INFO: task syz-executor:7660 blocked for more than 143 seconds. [ 638.645929][ T38] Not tainted syzkaller #0 [ 638.645938][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 638.645947][ T38] task:syz-executor state:D stack:26952 pid:7660 tgid:7660 ppid:1 task_flags:0x400140 flags:0x00004004 [ 638.645997][ T38] Call Trace: [ 638.646002][ T38] [ 638.646013][ T38] __schedule+0x16f3/0x4c20 [ 638.646065][ T38] ? __pfx___schedule+0x10/0x10 [ 638.646110][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.646139][ T38] rt_mutex_schedule+0x77/0xf0 [ 638.646157][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 638.646180][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 638.646221][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 638.646246][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 638.646269][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 638.646290][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.646325][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.646353][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 638.646382][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 638.646400][ T38] mutex_lock_nested+0x16a/0x1d0 [ 638.646428][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 638.646459][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.646498][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 638.646519][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 638.646543][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.646569][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 638.646592][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.646635][ T38] netlink_rcv_skb+0x205/0x470 [ 638.646659][ T38] ? __lock_acquire+0xab9/0xd20 [ 638.646683][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 638.646710][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 638.646748][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 638.646782][ T38] netlink_unicast+0x843/0xa10 [ 638.646815][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 638.646840][ T38] ? netlink_sendmsg+0x642/0xb30 [ 638.646869][ T38] ? skb_put+0x11b/0x210 [ 638.646899][ T38] netlink_sendmsg+0x805/0xb30 [ 638.646947][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.646982][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 638.647001][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.647027][ T38] __sock_sendmsg+0x219/0x270 [ 638.647054][ T38] __sys_sendto+0x3c7/0x520 [ 638.647084][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 638.647139][ T38] ? exc_page_fault+0x76/0xf0 [ 638.647169][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 638.647197][ T38] __x64_sys_sendto+0xde/0x100 [ 638.647228][ T38] do_syscall_64+0xfa/0x3b0 [ 638.647245][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.647272][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.647291][ T38] ? clear_bhb_loop+0x60/0xb0 [ 638.747855][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.747884][ T38] RIP: 0033:0x7f4413750a3c [ 638.747901][ T38] RSP: 002b:00007ffeddac6f60 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 638.747921][ T38] RAX: ffffffffffffffda RBX: 00007f44144c4620 RCX: 00007f4413750a3c [ 638.747935][ T38] RDX: 0000000000000028 RSI: 00007f44144c4670 RDI: 0000000000000003 [ 638.747948][ T38] RBP: 0000000000000000 R08: 00007ffeddac6fb4 R09: 000000000000000c [ 638.747959][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 638.747971][ T38] R13: 0000000000000000 R14: 00007f44144c4670 R15: 0000000000000000 [ 638.748001][ T38] [ 638.748035][ T38] [ 638.748035][ T38] Showing all locks held in the system: [ 638.748044][ T38] 3 locks held by kworker/u8:1/13: [ 638.748056][ T38] #0: ffff88814d094938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.748107][ T38] #1: ffffc90000127bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.748155][ T38] #2: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 [ 638.748200][ T38] 7 locks held by ktimers/0/16: [ 638.748211][ T38] 4 locks held by pr/legacy/17: [ 638.748222][ T38] 2 locks held by rcuc/0/20: [ 638.748231][ T38] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 638.748278][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 638.748326][ T38] 6 locks held by kworker/1:0/31: [ 638.748337][ T38] #0: ffff8881446d7138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.748384][ T38] #1: ffffc90000a5fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.748432][ T38] #2: ffff888027b20188 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20 [ 638.748477][ T38] #3: ffff888031a44188 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xde/0x940 [ 638.748519][ T38] #4: ffff88803bd52150 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x800 [ 638.748563][ T38] #5: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 638.748616][ T38] 1 lock held by khungtaskd/38: [ 638.748626][ T38] #0: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 638.748680][ T38] 6 locks held by kworker/u8:7/1122: [ 638.748691][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.748738][ T38] #1: ffffc90004ac7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.748784][ T38] #2: ffffffff8ecc6380 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 638.748834][ T38] #3: ffff8880594770d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 638.748877][ T38] #4: ffff888059474300 (&devlink->lock_key#6){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 638.748925][ T38] #5: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 638.748975][ T38] 2 locks held by kworker/u8:12/1426: [ 638.749000][ T38] 2 locks held by getty/5597: [ 638.749011][ T38] #0: ffff88823bf2c8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 638.749063][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 638.749110][ T38] 5 locks held by syz-executor/5824: [ 638.749121][ T38] 4 locks held by kworker/u9:2/5837: [ 638.749132][ T38] #0: ffff88803a2bf138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.749183][ T38] #1: ffffc90004d27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.749230][ T38] #2: ffff88807b98c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 638.749277][ T38] #3: ffffffff8ee3ac38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 638.749324][ T38] 4 locks held by kworker/0:4/5848: [ 638.749334][ T38] #0: ffff888027c39538 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.749386][ T38] #1: ffffc90004dd7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.749447][ T38] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 638.749494][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 638.749544][ T38] 3 locks held by kworker/1:5/5920: [ 638.749556][ T38] 3 locks held by kworker/u8:15/6090: [ 638.749567][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.749621][ T38] #1: ffffc90005ed7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.749669][ T38] #2: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 638.749715][ T38] 1 lock held by syz.4.312/7179: [ 638.749725][ T38] #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 638.749770][ T38] 1 lock held by syz.3.334/7239: [ 638.749780][ T38] #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 638.749824][ T38] 1 lock held by syz-executor/7492: [ 638.749835][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 638.749887][ T38] 2 locks held by syz-executor/7598: [ 638.749897][ T38] #0: ffffffff8ecc6380 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 638.749946][ T38] #1: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 638.749995][ T38] 1 lock held by syz.0.485/7623: [ 638.750006][ T38] #0: ffffffff8d9ae570 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 638.750050][ T38] 3 locks held by kworker/1:8/7627: [ 638.750060][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.750108][ T38] #1: ffffc90004c17bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.750158][ T38] #2: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 638.750203][ T38] 1 lock held by syz-executor/7651: [ 638.750214][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 638.750263][ T38] 1 lock held by syz-executor/7656: [ 638.750274][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750319][ T38] 1 lock held by syz-executor/7658: [ 638.750330][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750374][ T38] 1 lock held by syz-executor/7660: [ 638.750384][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750428][ T38] 1 lock held by syz-executor/7669: [ 638.750439][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750483][ T38] 1 lock held by syz-executor/7672: [ 638.750494][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750538][ T38] 1 lock held by syz-executor/7678: [ 638.750549][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750599][ T38] 1 lock held by syz-executor/7680: [ 638.750609][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750654][ T38] 5 locks held by kworker/u9:3/7681: [ 638.750664][ T38] #0: ffff8880272ac938 ((wq_completion)hci10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.750711][ T38] #1: ffffc90003e97bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.750760][ T38] #2: ffff8880539d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 638.750804][ T38] #3: ffff8880539d40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 638.750852][ T38] #4: ffffffff8ee3ac38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 638.750909][ T38] 1 lock held by syz-executor/7683: [ 638.750920][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.750964][ T38] 5 locks held by kworker/u9:4/7685: [ 638.750975][ T38] #0: ffff888036788138 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.751022][ T38] #1: ffffc90003c27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.751070][ T38] #2: ffff88807639ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 638.751114][ T38] #3: ffff88807639c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 638.751164][ T38] #4: ffffffff8ee3ac38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 638.751213][ T38] 1 lock held by syz-executor/7689: [ 638.751224][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.751269][ T38] 6 locks held by kworker/u9:5/7690: [ 638.751280][ T38] #0: ffff888035151138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.751327][ T38] #1: ffffc90003ed7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.751375][ T38] #2: ffff8880709c0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 638.751419][ T38] #3: ffff8880709c00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 638.751468][ T38] #4: ffffffff8ee3ac38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 638.751519][ T38] #5: ffff88805787a358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 638.751575][ T38] 1 lock held by syz-executor/7697: [ 638.751591][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.751635][ T38] 4 locks held by kworker/u9:6/7698: [ 638.751646][ T38] #0: ffff8880375be138 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 638.751693][ T38] #1: ffffc90003f27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 638.751741][ T38] #2: ffff88807cdc0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 638.751785][ T38] #3: ffff88807cdc00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 638.751836][ T38] 1 lock held by syz-executor/7704: [ 638.751846][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.751890][ T38] 1 lock held by syz-executor/7706: [ 638.751901][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.751945][ T38] 1 lock held by syz-executor/7707: [ 638.751955][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.752000][ T38] 1 lock held by syz-executor/7711: [ 638.752010][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.752055][ T38] 1 lock held by dhcpcd/7716: [ 638.752065][ T38] #0: ffff88803d5a4cb8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 638.752116][ T38] 1 lock held by dhcpcd/7717: [ 638.752127][ T38] #0: ffff88803d5a0938 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 638.752177][ T38] 1 lock held by syz-executor/7719: [ 638.752187][ T38] #0: ffffffff8ecd3278 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 638.752232][ T38] 1 lock held by dhcpcd/7721: [ 638.752242][ T38] #0: ffff88803d5bda38 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 638.752293][ T38] [ 638.752298][ T38] ============================================= [ 638.752298][ T38] [ 638.752313][ T38] NMI backtrace for cpu 1 [ 638.752333][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 638.752355][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 638.752365][ T38] Call Trace: [ 638.752373][ T38] [ 638.752381][ T38] dump_stack_lvl+0x189/0x250 [ 638.752410][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.752436][ T38] ? __pfx__printk+0x10/0x10 [ 638.752469][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 638.752501][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 638.752527][ T38] ? __pfx__printk+0x10/0x10 [ 638.752551][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 638.752576][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 638.752608][ T38] watchdog+0xf93/0xfe0 [ 638.752637][ T38] ? watchdog+0x1de/0xfe0 [ 638.752665][ T38] kthread+0x70e/0x8a0 [ 638.752693][ T38] ? __pfx_watchdog+0x10/0x10 [ 638.752715][ T38] ? __pfx_kthread+0x10/0x10 [ 638.752746][ T38] ? __pfx_kthread+0x10/0x10 [ 638.752774][ T38] ret_from_fork+0x3f9/0x770 [ 638.752800][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 638.752829][ T38] ? __switch_to_asm+0x39/0x70 [ 638.752845][ T38] ? __switch_to_asm+0x33/0x70 [ 638.752861][ T38] ? __pfx_kthread+0x10/0x10 [ 638.752888][ T38] ret_from_fork_asm+0x1a/0x30 [ 638.752920][ T38] [ 638.752927][ T38] Sending NMI from CPU 1 to CPUs 0: [ 638.752950][ C0] NMI backtrace for cpu 0 [ 638.752964][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 638.752982][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 638.752991][ C0] RIP: 0010:__lock_acquire+0x332/0xd20 [ 638.753014][ C0] Code: e5 15 09 d5 09 cd 44 09 f5 41 89 6c c7 20 45 89 44 c7 24 4c 89 7c 24 10 4d 8d 34 c7 81 e5 ff 1f 00 00 48 0f a3 2d be c9 61 11 <73> 10 48 69 c5 c8 00 00 00 48 8d 80 f0 c2 9e 92 eb 40 83 3d 65 59 [ 638.753026][ C0] RSP: 0018:ffffc90000157610 EFLAGS: 00000003 [ 638.753040][ C0] RAX: 000000000000001e RBX: ffff8880b883c6c0 RCX: 000000000000092c [ 638.753051][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88801ae85940 [ 638.753062][ C0] RBP: 000000000000092c R08: 0000000000000000 R09: ffffffff88e3038f [ 638.753073][ C0] R10: dffffc0000000000 R11: fffffbfff1e3ab87 R12: 0000000000000000 [ 638.753083][ C0] R13: 0000000000000000 R14: ffff88801ae86550 R15: ffff88801ae86460 [ 638.753095][ C0] FS: 0000000000000000(0000) GS:ffff8881268bf000(0000) knlGS:0000000000000000 [ 638.753109][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 638.753121][ C0] CR2: 00007f527f445000 CR3: 0000000033292000 CR4: 00000000003526f0 [ 638.753135][ C0] Call Trace: [ 638.753141][ C0] [ 638.753151][ C0] ? process_backlog+0x58f/0x900 [ 638.753171][ C0] lock_acquire+0x120/0x360 [ 638.753188][ C0] ? process_backlog+0x58f/0x900 [ 638.753213][ C0] rt_spin_lock+0x88/0x2c0 [ 638.753230][ C0] ? process_backlog+0x58f/0x900 [ 638.753249][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 638.753267][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 638.753286][ C0] ? rt_spin_unlock+0x65/0x80 [ 638.753305][ C0] process_backlog+0x58f/0x900 [ 638.753329][ C0] __napi_poll+0xb3/0x540 [ 638.753349][ C0] net_rx_action+0x707/0xe00 [ 638.753368][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.753395][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 638.753428][ C0] handle_softirqs+0x22f/0x710 [ 638.753450][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 638.753473][ C0] run_ktimerd+0xcf/0x190 [ 638.753492][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 638.753511][ C0] ? schedule+0x91/0x360 [ 638.753533][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 638.753552][ C0] smpboot_thread_fn+0x53f/0xa60 [ 638.753570][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 638.753592][ C0] kthread+0x70e/0x8a0 [ 638.753613][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 638.753631][ C0] ? __pfx_kthread+0x10/0x10 [ 638.753654][ C0] ? __pfx_kthread+0x10/0x10 [ 638.753674][ C0] ret_from_fork+0x3f9/0x770 [ 638.753694][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 638.753715][ C0] ? __switch_to_asm+0x39/0x70 [ 638.753729][ C0] ? __switch_to_asm+0x33/0x70 [ 638.753743][ C0] ? __pfx_kthread+0x10/0x10 [ 638.753764][ C0] ret_from_fork_asm+0x1a/0x30 [ 638.753784][ C0] [ 638.753951][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 638.753965][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 638.753986][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 638.753997][ T38] Call Trace: [ 638.754004][ T38] [ 638.754012][ T38] dump_stack_lvl+0x99/0x250 [ 638.754038][ T38] ? __asan_memcpy+0x40/0x70 [ 638.754059][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.754084][ T38] ? __pfx__printk+0x10/0x10 [ 638.754117][ T38] vpanic+0x281/0x750 [ 638.754146][ T38] ? __pfx_vpanic+0x10/0x10 [ 638.754169][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 638.754189][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.754225][ T38] panic+0xb9/0xc0 [ 638.754249][ T38] ? __pfx_panic+0x10/0x10 [ 638.754277][ T38] ? irq_work_queue+0xc3/0x140 [ 638.754304][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 638.754331][ T38] watchdog+0xfd2/0xfe0 [ 638.754358][ T38] ? watchdog+0x1de/0xfe0 [ 638.754387][ T38] kthread+0x70e/0x8a0 [ 638.754416][ T38] ? __pfx_watchdog+0x10/0x10 [ 638.754438][ T38] ? __pfx_kthread+0x10/0x10 [ 638.754469][ T38] ? __pfx_kthread+0x10/0x10 [ 638.754496][ T38] ret_from_fork+0x3f9/0x770 [ 638.754522][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 638.754552][ T38] ? __switch_to_asm+0x39/0x70 [ 638.754568][ T38] ? __switch_to_asm+0x33/0x70 [ 638.754599][ T38] ? __pfx_kthread+0x10/0x10 [ 638.754627][ T38] ret_from_fork_asm+0x1a/0x30 [ 638.754660][ T38] [ 638.754893][ T38] Kernel Offset: disabled