last executing test programs: 2m40.219191249s ago: executing program 0 (id=225): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4000, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_int(r0, 0x0, 0xa, 0x0, 0x0) 2m39.141750848s ago: executing program 0 (id=235): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4a10c000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) readahead(0xffffffffffffffff, 0xe, 0x8) 2m37.189264887s ago: executing program 0 (id=253): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x800}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x3, 0x0, r1, 0x3, 0xfffffffffefffff8, 0x3fff}) 2m36.949280358s ago: executing program 0 (id=257): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x0) 2m36.702314945s ago: executing program 0 (id=260): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket(0xa, 0x3, 0x87) sendto(r1, &(0x7f00000003c0)="e1118ce4769b", 0xfdef, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x84, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 2m35.540023052s ago: executing program 0 (id=273): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) 2m34.839329255s ago: executing program 32 (id=273): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000000020"], 0x24, 0x0) 1m56.941461278s ago: executing program 2 (id=496): r0 = socket$inet(0x2, 0x1, 0x100) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000200)="09268a", 0x3, 0x90, 0x0, 0x0) 1m56.488770484s ago: executing program 2 (id=504): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000640)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="5b76d0f26d907ad0d97a8b8f6bbbdf3a199b42bdce51", 0x20}, {&(0x7f0000000100)="bdb3305248e60a68a8da42f4bd2aebdb325e786acb814019848d88e247633feac590634d554089c47c49f136d5264d3f2a0a6047", 0x34}], 0x2}, 0x800) 1m56.186228488s ago: executing program 2 (id=507): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000040)={0x4, r0, 0x1}) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, 0x0) 1m55.888892858s ago: executing program 2 (id=511): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000380)='./file0\x00', r0, 0x0, 0x40) 1m55.517359434s ago: executing program 2 (id=516): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@sndinfo={0x20, 0x84, 0x2, {0x4, 0x241, 0x0, 0x9}}], 0x20, 0x4048800}, 0x10) 1m54.26821534s ago: executing program 2 (id=525): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa9f8d52061b502e5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='tlb_flush\x00', r2}, 0x18) 1m53.77363692s ago: executing program 33 (id=525): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa9f8d52061b502e5}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='tlb_flush\x00', r2}, 0x18) 1m26.765566288s ago: executing program 5 (id=692): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="10000180040004"], 0x28}}, 0x0) 1m26.250764681s ago: executing program 4 (id=695): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r1, &(0x7f00000002c0), 0x0}, 0x20) 1m25.655337032s ago: executing program 5 (id=697): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = getpgid(0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x21, 0x0, 0x4) 1m25.654039017s ago: executing program 1 (id=698): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000400)={0xaa, 0x550}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x2000, 0x2}) 1m25.65312468s ago: executing program 3 (id=699): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1f, 0x33, @action={{{}, {}, @device_b}, @vht_op_mode_ntf={0x15, 0x2, {0x1, 0x0, 0x0, 0x0, 0x1}}}}]}, 0x3c}}, 0x0) 1m25.652815587s ago: executing program 4 (id=700): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9}) ioctl$VIDIOC_REQBUFS(r0, 0xc0585609, &(0x7f0000000280)={0x0, 0xa, 0x0, 0x0, 0x80}) 1m25.126303477s ago: executing program 5 (id=701): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x300, 0x0, 0x30141}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0xba01}, 0x810) 1m25.125750191s ago: executing program 4 (id=702): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpuacct.stat\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000005fc0)={0x2020}, 0x2020) 1m25.123911425s ago: executing program 1 (id=703): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000340)={0x0, 0x34, &(0x7f0000000000)={&(0x7f0000000040)={0x5, 0x609f, 0x80, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x3, 0x1}, 0x1, 0x3, 0x0, 0x0, "6ee7ba2197db18bc"}}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8801) 1m25.115743606s ago: executing program 3 (id=704): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 1m24.563424445s ago: executing program 3 (id=705): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}]}, 0x24}, 0x1, 0x0, 0x0, 0x44001}, 0xc800) 1m24.512685635s ago: executing program 4 (id=706): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_HELP={0xc, 0x5, 0x0, 0x1, {0x5, 0x1, '\x00'}}]}, 0x44}}, 0x0) 1m24.293029893s ago: executing program 1 (id=707): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040ed5000410"], 0x11) setfsgid(0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 1m23.899017484s ago: executing program 4 (id=708): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30"], 0x7c}}, 0x0) 1m23.441003125s ago: executing program 3 (id=709): timer_create(0xfffffffd, 0x0, &(0x7f00000011c0)) timer_settime(0x0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0) timer_delete(0x0) 1m23.284873139s ago: executing program 5 (id=710): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000040)={0xfdfdffff, 0xfffffff7, 0x1, 0x4, 0x0, "518aba4d000000000000000000000000002000"}) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa41d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828eea399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f0e817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 1m23.274030289s ago: executing program 1 (id=711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000980)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1702}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 1m23.273072409s ago: executing program 4 (id=712): syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = socket$caif_seqpacket(0x25, 0x5, 0x3) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1m22.9558765s ago: executing program 3 (id=713): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000380)='devices.list\x00', 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/134, 0x86}], 0x1, 0x5, 0x0) 1m22.681111752s ago: executing program 1 (id=714): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f00000000c0)=0x8, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10) 1m22.379042514s ago: executing program 5 (id=715): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0x20, &(0x7f0000000000)={@in6={{0xa, 0x4e22, 0x9, @local, 0x7}}, 0x0, 0x0, 0x3a, 0x0, "a30b3b28af4d2f246a016542daa845f387713f4048ff2ece1e75f1fc0100f41e4de6256109383664417165bba0dd5ace522fa788000000000033035551502f07b4001a00"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in6={{0xa, 0x4e21, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}, 0x400}}, 0x0, 0x0, 0x14, 0x0, "947116a1a606754bab1c03000000000000005f00f81bef9655071f0d1aadd97b9642d9a0cd9ea71a5e9aec7f0354b089928ab125736e000000002100000000b16dbd740000000000000000000000f600"}, 0xd8) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @empty, 0x20000023}, 0x1c) 1m22.308165606s ago: executing program 3 (id=716): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) 1m6.835103092s ago: executing program 5 (id=717): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0, 0x80000005}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000bc0)={0x0, 0xd}, &(0x7f0000000c00)=0x8) 1m0.729857009s ago: executing program 1 (id=718): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x13, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 48.396669321s ago: executing program 34 (id=716): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) 41.654900657s ago: executing program 35 (id=712): syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = socket$caif_seqpacket(0x25, 0x5, 0x3) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 7.691898487s ago: executing program 36 (id=717): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0, 0x80000005}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000bc0)={0x0, 0xd}, &(0x7f0000000c00)=0x8) 0s ago: executing program 37 (id=718): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41100, 0x13, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.252' (ED25519) to the list of known hosts. [ 90.578919][ T5803] cgroup: Unknown subsys name 'net' [ 90.840890][ T5803] cgroup: Unknown subsys name 'cpuset' [ 90.915675][ T5803] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.149338][ T989] cfg80211: failed to load regulatory.db [ 92.993599][ T5803] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.908955][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.913149][ T5817] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.914006][ T5817] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.935433][ T5817] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.946679][ T5817] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.171526][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.182446][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.192319][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.202931][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.214593][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.260931][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.264047][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.346458][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.347633][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.348331][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 97.349933][ T5832] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.369951][ T5825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.371503][ T5825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.375733][ T5825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.376668][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.414338][ T5134] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.424657][ T5134] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 97.440597][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 97.447519][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.448636][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.078533][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 98.686912][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 98.785935][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 98.813916][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.815394][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.816152][ T5815] bridge_slave_0: entered allmulticast mode [ 98.819692][ T5815] bridge_slave_0: entered promiscuous mode [ 98.852173][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 98.895465][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.895591][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.895806][ T5815] bridge_slave_1: entered allmulticast mode [ 98.898822][ T5815] bridge_slave_1: entered promiscuous mode [ 99.026932][ T5831] Bluetooth: hci0: command tx timeout [ 99.265022][ T5831] Bluetooth: hci1: command tx timeout [ 99.432574][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.456207][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 99.494154][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.506082][ T5831] Bluetooth: hci4: command tx timeout [ 99.506094][ T5827] Bluetooth: hci2: command tx timeout [ 99.506271][ T5817] Bluetooth: hci3: command tx timeout [ 100.256736][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.256884][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.257087][ T5819] bridge_slave_0: entered allmulticast mode [ 100.259925][ T5819] bridge_slave_0: entered promiscuous mode [ 100.272214][ T5815] team0: Port device team_slave_0 added [ 100.273022][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.274651][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.278108][ T5828] bridge_slave_0: entered allmulticast mode [ 100.281281][ T5828] bridge_slave_0: entered promiscuous mode [ 100.447991][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.448108][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.448278][ T5819] bridge_slave_1: entered allmulticast mode [ 100.450226][ T5819] bridge_slave_1: entered promiscuous mode [ 100.452714][ T5815] team0: Port device team_slave_1 added [ 100.453243][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.453354][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.453488][ T5828] bridge_slave_1: entered allmulticast mode [ 100.468469][ T5828] bridge_slave_1: entered promiscuous mode [ 100.501033][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.501191][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.501466][ T5820] bridge_slave_0: entered allmulticast mode [ 100.504667][ T5820] bridge_slave_0: entered promiscuous mode [ 100.763530][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.763643][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.763816][ T5820] bridge_slave_1: entered allmulticast mode [ 100.768345][ T5820] bridge_slave_1: entered promiscuous mode [ 101.105017][ T5817] Bluetooth: hci0: command tx timeout [ 101.172468][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.173764][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.173780][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.173800][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.211618][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.345039][ T5817] Bluetooth: hci1: command tx timeout [ 101.377335][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.378110][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.378123][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.378143][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.381554][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.381887][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.382049][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.382185][ T5821] bridge_slave_0: entered allmulticast mode [ 101.384072][ T5821] bridge_slave_0: entered promiscuous mode [ 101.561629][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.584987][ T5817] Bluetooth: hci3: command tx timeout [ 101.585021][ T5817] Bluetooth: hci2: command tx timeout [ 101.585101][ T5817] Bluetooth: hci4: command tx timeout [ 101.746081][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.746195][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.746345][ T5821] bridge_slave_1: entered allmulticast mode [ 101.748355][ T5821] bridge_slave_1: entered promiscuous mode [ 101.754530][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.127968][ T5819] team0: Port device team_slave_0 added [ 102.132206][ T5828] team0: Port device team_slave_0 added [ 102.279811][ T5819] team0: Port device team_slave_1 added [ 102.358989][ T5828] team0: Port device team_slave_1 added [ 102.369741][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.374608][ T5820] team0: Port device team_slave_0 added [ 102.594395][ T5820] team0: Port device team_slave_1 added [ 102.599601][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.867899][ T5815] hsr_slave_0: entered promiscuous mode [ 102.870295][ T5815] hsr_slave_1: entered promiscuous mode [ 103.097041][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.097056][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.097076][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.100695][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.100714][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.100741][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.196104][ T5831] Bluetooth: hci0: command tx timeout [ 103.276803][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.276822][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.276852][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.279056][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.279072][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.279093][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.280209][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.280225][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.280245][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.282919][ T5821] team0: Port device team_slave_0 added [ 103.425280][ T5831] Bluetooth: hci1: command tx timeout [ 103.431672][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.431688][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.431709][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.434315][ T5821] team0: Port device team_slave_1 added [ 103.665121][ T5827] Bluetooth: hci3: command tx timeout [ 103.665229][ T5817] Bluetooth: hci2: command tx timeout [ 103.665307][ T5831] Bluetooth: hci4: command tx timeout [ 103.869277][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.869292][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.869312][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.178831][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.178849][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.178881][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.188640][ T5819] hsr_slave_0: entered promiscuous mode [ 104.190155][ T5819] hsr_slave_1: entered promiscuous mode [ 104.191480][ T5819] debugfs: 'hsr0' already exists in 'hsr' [ 104.191632][ T5819] Cannot create hsr debugfs directory [ 104.233763][ T5828] hsr_slave_0: entered promiscuous mode [ 104.246086][ T5828] hsr_slave_1: entered promiscuous mode [ 104.247249][ T5828] debugfs: 'hsr0' already exists in 'hsr' [ 104.247280][ T5828] Cannot create hsr debugfs directory [ 104.379257][ T5820] hsr_slave_0: entered promiscuous mode [ 104.380666][ T5820] hsr_slave_1: entered promiscuous mode [ 104.381668][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 104.381694][ T5820] Cannot create hsr debugfs directory [ 105.168300][ T5821] hsr_slave_0: entered promiscuous mode [ 105.171075][ T5821] hsr_slave_1: entered promiscuous mode [ 105.171810][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 105.171835][ T5821] Cannot create hsr debugfs directory [ 105.265104][ T5831] Bluetooth: hci0: command tx timeout [ 105.505078][ T5831] Bluetooth: hci1: command tx timeout [ 105.745089][ T5831] Bluetooth: hci4: command tx timeout [ 105.745128][ T5831] Bluetooth: hci2: command tx timeout [ 105.745152][ T5831] Bluetooth: hci3: command tx timeout [ 106.251670][ T5815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.299443][ T5815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.352495][ T5815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.399548][ T5815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 106.523630][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.581515][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.616716][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.678994][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.874487][ T5819] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.911943][ T5819] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.975222][ T5819] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.034373][ T5819] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.186805][ T5820] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 107.248185][ T5820] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 107.301901][ T5820] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 107.368104][ T5820] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 107.547252][ T5821] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.619457][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.619852][ T5821] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.679121][ T5821] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.720315][ T5821] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.874473][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.920267][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.939868][ T1421] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.940067][ T1421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.010569][ T1421] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.011009][ T1421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.080735][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.140588][ T1421] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.140816][ T1421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.189685][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.214545][ T3987] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.214709][ T3987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.337773][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.368469][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.468364][ T3118] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.471167][ T3118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.544173][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.545044][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.573708][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.648055][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.667974][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.668584][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.736770][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.736947][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.859621][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.919438][ T3569] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.925064][ T3569] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.011535][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.011805][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.051819][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.331346][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.439004][ T5815] veth0_vlan: entered promiscuous mode [ 109.528158][ T5815] veth1_vlan: entered promiscuous mode [ 109.686368][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.768812][ T5828] veth0_vlan: entered promiscuous mode [ 109.835952][ T5815] veth0_macvtap: entered promiscuous mode [ 109.850441][ T5828] veth1_vlan: entered promiscuous mode [ 109.895689][ T5815] veth1_macvtap: entered promiscuous mode [ 110.042411][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.048831][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.051973][ T5819] veth0_vlan: entered promiscuous mode [ 110.088399][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.158223][ T5819] veth1_vlan: entered promiscuous mode [ 110.169439][ T3569] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.200587][ T3569] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.204602][ T5828] veth0_macvtap: entered promiscuous mode [ 110.228607][ T3569] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.252680][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.252932][ T3569] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.302886][ T5828] veth1_macvtap: entered promiscuous mode [ 110.651718][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.669466][ T5819] veth0_macvtap: entered promiscuous mode [ 110.723405][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.748044][ T5819] veth1_macvtap: entered promiscuous mode [ 110.777279][ T1421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.777308][ T1421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.823197][ T3569] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.850232][ T3569] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.886914][ T3569] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.917437][ T3569] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.954701][ T5821] veth0_vlan: entered promiscuous mode [ 111.023517][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.036782][ T3118] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.036805][ T3118] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.148277][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.153800][ T5821] veth1_vlan: entered promiscuous mode [ 111.315628][ T3987] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.350649][ T3569] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.368140][ T5820] veth0_vlan: entered promiscuous mode [ 111.391535][ T3569] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.428786][ T5934] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 111.469228][ T3569] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.578247][ T3118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.578271][ T3118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.592499][ T5905] kernel write not supported for file bpf-prog (pid: 5905 comm: kworker/0:5) [ 111.639036][ T5820] veth1_vlan: entered promiscuous mode [ 111.849501][ T3987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.849526][ T3987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.899200][ T5821] veth0_macvtap: entered promiscuous mode [ 111.985999][ T5941] program syz.0.8 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 112.027947][ T5821] veth1_macvtap: entered promiscuous mode [ 112.103685][ T3569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.103707][ T3569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.197561][ T5820] veth0_macvtap: entered promiscuous mode [ 112.322181][ T5820] veth1_macvtap: entered promiscuous mode [ 112.343485][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.373561][ T3569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.373586][ T3569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.451419][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.547203][ T1113] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.559152][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.559258][ T1113] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.586270][ T1421] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.612196][ T1421] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.641850][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.802225][ T1113] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.836495][ T1113] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.855049][ T1113] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.917508][ T3569] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.422663][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.422689][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.528128][ T5896] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 113.711979][ T5965] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 113.783575][ T5896] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 113.783643][ T5896] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 113.783669][ T5896] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 113.783717][ T5896] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 113.783743][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.896957][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.896982][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.914959][ T1230] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 113.958305][ T5896] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 114.075083][ T1230] usb 3-1: Using ep0 maxpacket: 8 [ 114.078857][ T1230] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 114.078893][ T1230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.124100][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.124123][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.164561][ T1230] pvrusb2: Hardware description: Terratec Grabster AV400 [ 114.164586][ T1230] pvrusb2: ********** [ 114.164594][ T1230] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 114.164608][ T1230] pvrusb2: Important functionality might not be entirely working. [ 114.164618][ T1230] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 114.164630][ T1230] pvrusb2: ********** [ 114.359403][ T2357] pvrusb2: Invalid write control endpoint [ 114.573602][ T5896] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 114.596867][ T5963] pvrusb2: Invalid write control endpoint [ 114.617867][ T1230] usb 3-1: USB disconnect, device number 2 [ 114.682183][ T3987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.682217][ T3987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.722928][ T5896] usb 4-1: USB disconnect, device number 2 [ 114.790449][ T2357] pvrusb2: Invalid write control endpoint [ 114.790467][ T2357] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 114.790478][ T2357] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 114.790487][ T2357] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 114.790498][ T2357] pvrusb2: Device being rendered inoperable [ 114.790623][ T2357] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 114.790678][ T2357] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 114.863630][ T2357] pvrusb2: Attached sub-driver cx25840 [ 114.863649][ T2357] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 114.863661][ T2357] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 116.131353][ T5804] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 116.233605][ T5996] netlink: 165 bytes leftover after parsing attributes in process `syz.1.27'. [ 116.314627][ T5804] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 116.314661][ T5804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.379330][ T5804] usb 5-1: config 0 descriptor?? [ 116.408726][ T5804] cp210x 5-1:0.0: cp210x converter detected [ 117.095484][ T5804] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 117.095569][ T5804] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 117.189351][ T5804] usb 5-1: cp210x converter now attached to ttyUSB0 [ 117.261477][ T5804] usb 5-1: USB disconnect, device number 2 [ 117.354679][ T5804] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 117.395284][ T5804] cp210x 5-1:0.0: device disconnected [ 118.455721][ T5896] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 118.614738][ T5896] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 118.615035][ T5896] usb 3-1: config 0 has no interface number 0 [ 118.656508][ T5896] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 118.656542][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.656562][ T5896] usb 3-1: Product: syz [ 118.656577][ T5896] usb 3-1: Manufacturer: syz [ 118.656592][ T5896] usb 3-1: SerialNumber: syz [ 118.711310][ T5896] usb 3-1: config 0 descriptor?? [ 118.835155][ T5926] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 119.017487][ T5926] usb 4-1: config 0 has no interfaces? [ 119.046713][ T5926] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 119.046744][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.046762][ T5926] usb 4-1: Product: syz [ 119.046776][ T5926] usb 4-1: Manufacturer: syz [ 119.046791][ T5926] usb 4-1: SerialNumber: syz [ 119.164018][ T5896] usb 3-1: Firmware: major: 225, minor: 107, hardware type: RZUSB (3) [ 119.168770][ T5926] usb 4-1: config 0 descriptor?? [ 119.420482][ T5896] usb 3-1: failed to fetch extended address, random address set [ 119.471295][ T6035] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 119.592233][ T6043] netlink: 80 bytes leftover after parsing attributes in process `syz.4.45'. [ 119.631383][ T5896] usb 3-1: USB disconnect, device number 3 [ 119.676674][ T31] usb 4-1: USB disconnect, device number 3 [ 119.885084][ T38] audit: type=1326 audit(1759200074.723:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885141][ T38] audit: type=1326 audit(1759200074.723:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885187][ T38] audit: type=1326 audit(1759200074.723:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885229][ T38] audit: type=1326 audit(1759200074.723:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885276][ T38] audit: type=1326 audit(1759200074.723:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885322][ T38] audit: type=1326 audit(1759200074.723:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885365][ T38] audit: type=1326 audit(1759200074.723:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 119.885412][ T38] audit: type=1326 audit(1759200074.723:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6050 comm="syz.0.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82dacbeec9 code=0x7ffc0000 [ 120.444135][ T6057] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.275383][ T6075] Zero length message leads to an empty skb [ 121.348120][ T6079] loop7: detected capacity change from 0 to 7 [ 121.369194][ T6079] Dev loop7: unable to read RDB block 7 [ 121.369249][ T6079] loop7: AHDI p1 p2 [ 121.369286][ T6079] loop7: partition table partially beyond EOD, truncated [ 121.370130][ T6079] loop7: p1 start 1702000233 is beyond EOD, truncated [ 121.370840][ T6077] loop8: detected capacity change from 0 to 8 [ 121.396932][ T6077] Dev loop8: unable to read RDB block 8 [ 121.396993][ T6077] loop8: unable to read partition table [ 121.397237][ T6077] loop8: partition table beyond EOD, truncated [ 121.397257][ T6077] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 121.834340][ T6092] netlink: 'syz.3.68': attribute type 18 has an invalid length. [ 123.266562][ T6112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.74'. [ 123.674128][ T6124] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 123.674128][ T6124] The task syz.4.79 (6124) triggered the difference, watch for misbehavior. [ 124.052454][ T6126] IPVS: persistence engine module ip_vs_pe_ not found [ 124.312848][ T6134] netlink: 28 bytes leftover after parsing attributes in process `syz.2.85'. [ 124.465545][ T6136] netlink: 'syz.3.86': attribute type 49 has an invalid length. [ 126.957119][ T6183] netlink: 4 bytes leftover after parsing attributes in process `syz.3.105'. [ 127.312375][ T6191] netlink: 'syz.3.109': attribute type 13 has an invalid length. [ 128.113786][ T6191] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.117645][ T6191] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.643074][ T6191] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 129.707609][ T6191] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 130.425193][ T6239] netlink: 'syz.4.129': attribute type 1 has an invalid length. [ 130.425221][ T6239] netlink: 72 bytes leftover after parsing attributes in process `syz.4.129'. [ 130.425239][ T6239] netlink: 97 bytes leftover after parsing attributes in process `syz.4.129'. [ 131.811149][ T6205] netlink: 'syz.0.115': attribute type 21 has an invalid length. [ 131.874864][ T3987] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.904382][ T3987] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.924026][ T3987] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.924083][ T3987] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.925059][ T5824] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 134.079351][ T5824] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 134.079380][ T5824] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 134.082485][ T5824] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 134.082516][ T5824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.082538][ T5824] usb 4-1: Product: syz [ 134.082554][ T5824] usb 4-1: Manufacturer: syz [ 134.082570][ T5824] usb 4-1: SerialNumber: syz [ 134.379410][ T5824] usb 4-1: 0:2 : does not exist [ 134.413741][ T5824] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 134.505371][ T5824] usb 4-1: USB disconnect, device number 4 [ 134.762559][ T5869] udevd[5869]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 135.494732][ T6320] sctp: [Deprecated]: syz.1.162 (pid 6320) Use of int in maxseg socket option. [ 135.494732][ T6320] Use struct sctp_assoc_value instead [ 135.622761][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.3.166'. [ 135.624485][ T6327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 136.107427][ T6339] syz.1.171 uses obsolete (PF_INET,SOCK_PACKET) [ 136.903586][ T6356] netlink: 52 bytes leftover after parsing attributes in process `syz.0.179'. [ 136.904999][ T5896] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 137.073412][ T5896] usb 2-1: Using ep0 maxpacket: 32 [ 137.080058][ T5896] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 137.080094][ T5896] usb 2-1: config 0 has no interface number 0 [ 137.101417][ T5896] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 137.101450][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.101472][ T5896] usb 2-1: Product: syz [ 137.101488][ T5896] usb 2-1: Manufacturer: syz [ 137.101504][ T5896] usb 2-1: SerialNumber: syz [ 137.144279][ T5896] usb 2-1: config 0 descriptor?? [ 137.178589][ T5896] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 137.446500][ T5896] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 137.531558][ T5896] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 137.801995][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 137.826608][ T5926] usb 2-1: USB disconnect, device number 2 [ 137.855973][ T5926] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 137.886370][ T5926] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 137.887449][ T5926] quatech2 2-1:0.51: device disconnected [ 138.174412][ T6375] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 138.174465][ T6375] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 138.216949][ T5896] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 138.237576][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.237685][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.406482][ T5896] usb 4-1: Using ep0 maxpacket: 8 [ 138.427658][ T5896] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 138.427692][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.427714][ T5896] usb 4-1: Product: syz [ 138.427728][ T5896] usb 4-1: Manufacturer: syz [ 138.427754][ T5896] usb 4-1: SerialNumber: syz [ 138.461261][ T5896] usb 4-1: config 0 descriptor?? [ 138.691580][ T5896] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 138.867938][ T6387] netlink: 52 bytes leftover after parsing attributes in process `syz.1.194'. [ 138.868940][ T6387] netlink: 32 bytes leftover after parsing attributes in process `syz.1.194'. [ 139.296395][ T5896] gspca_sunplus: reg_w_riv err -71 [ 139.296504][ T5896] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 139.302346][ T5896] usb 4-1: USB disconnect, device number 5 [ 139.705388][ T6406] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 140.385877][ T5804] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 140.577465][ T5804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16, setting to 8 [ 140.577504][ T5804] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 140.577552][ T5804] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice= 0.00 [ 140.577578][ T5804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.595582][ T5804] usb 4-1: config 0 descriptor?? [ 140.604287][ T6417] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 140.989556][ T6434] netlink: 8 bytes leftover after parsing attributes in process `syz.4.215'. [ 141.231407][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231454][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231484][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231514][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231541][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231567][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.231597][ T5804] apple 0003:05AC:0219.0001: unknown main item tag 0x0 [ 141.274886][ T5804] apple 0003:05AC:0219.0001: hidraw0: USB HID vff.fa Device [HID 05ac:0219] on usb-dummy_hcd.3-1/input0 [ 141.439055][ T6446] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 141.469796][ T5905] usb 4-1: USB disconnect, device number 6 [ 141.738279][ T6448] fido_id[6448]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 141.865684][ T6457] C: renamed from team_slave_0 (while UP) [ 141.988504][ T6457] netlink: 144 bytes leftover after parsing attributes in process `syz.1.226'. [ 141.988531][ T6457] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 142.362506][ T31] IPVS: starting estimator thread 0... [ 142.462330][ T38] audit: type=1326 audit(1759200097.323:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6468 comm="syz.3.231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee4e2beec9 code=0x7ffc0000 [ 142.475223][ T6469] IPVS: using max 6 ests per chain, 14400 per kthread [ 142.813775][ T6478] ======================================================= [ 142.813775][ T6478] WARNING: The mand mount option has been deprecated and [ 142.813775][ T6478] and is ignored by this kernel. Remove the mand [ 142.813775][ T6478] option from the mount to silence this warning. [ 142.813775][ T6478] ======================================================= [ 143.719758][ T6494] input: syz0 as /devices/virtual/input/input5 [ 145.024918][ T5817] Bluetooth: hci4: command tx timeout [ 145.569431][ T6537] input: syz0 as /devices/virtual/input/input6 [ 145.615064][ T6534] syz.2.261 (6534) used greatest stack depth: 18968 bytes left [ 145.684601][ T6540] mmap: syz.1.264 (6540) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 146.793192][ T6558] netlink: 24 bytes leftover after parsing attributes in process `syz.4.272'. [ 148.144004][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 148.158255][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 148.161980][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 148.163293][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 148.164681][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 149.345070][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 149.405564][ T3569] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.512399][ T31] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 149.512429][ T31] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 149.512449][ T31] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 149.512504][ T31] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 149.512532][ T31] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 149.565524][ T31] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 149.565559][ T31] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 149.565582][ T31] usb 2-1: Product: syz [ 149.565599][ T31] usb 2-1: Manufacturer: syz [ 149.578866][ T31] cdc_wdm 2-1:1.0: skipping garbage [ 149.578888][ T31] cdc_wdm 2-1:1.0: skipping garbage [ 149.640484][ T31] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 149.640527][ T31] cdc_wdm 2-1:1.0: Unknown control protocol [ 149.876819][ T3569] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.925661][ T5926] usb 2-1: USB disconnect, device number 3 [ 150.225068][ T5817] Bluetooth: hci0: command tx timeout [ 150.308552][ T6613] Illegal XDP return value 4294967274 on prog (id 38) dev N/A, expect packet loss! [ 150.540390][ T3569] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.867500][ T6623] block nbd0: server does not support multiple connections per device. [ 150.873718][ T6623] block nbd0: shutting down sockets [ 150.994876][ T5905] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 151.093610][ T3569] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.138669][ T6631] netlink: 28 bytes leftover after parsing attributes in process `syz.3.306'. [ 151.138768][ T6631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.306'. [ 151.158572][ T5905] usb 5-1: Using ep0 maxpacket: 32 [ 151.169805][ T5905] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.169840][ T5905] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.169865][ T5905] usb 5-1: config 0 interface 0 has no altsetting 0 [ 151.171388][ T5905] usb 5-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 151.171418][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 151.171440][ T5905] usb 5-1: Product: syz [ 151.242109][ T5905] usb 5-1: config 0 descriptor?? [ 151.774088][ T5905] waterforce 0003:1044:7A4D.0002: unknown main item tag 0x0 [ 151.774131][ T5905] waterforce 0003:1044:7A4D.0002: unknown main item tag 0x0 [ 151.774161][ T5905] waterforce 0003:1044:7A4D.0002: item fetching failed at offset 2/5 [ 151.815093][ T5905] waterforce 0003:1044:7A4D.0002: hid parse failed with -22 [ 151.815210][ T5905] waterforce 0003:1044:7A4D.0002: probe with driver waterforce failed with error -22 [ 151.921020][ T5896] usb 5-1: USB disconnect, device number 3 [ 152.296343][ T6647] program syz.3.312 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 152.305214][ T5817] Bluetooth: hci0: command tx timeout [ 152.457026][ T3569] bridge_slave_1: left allmulticast mode [ 152.457232][ T3569] bridge_slave_1: left promiscuous mode [ 152.460584][ T3569] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.626831][ T3569] bridge_slave_0: left allmulticast mode [ 152.626869][ T3569] bridge_slave_0: left promiscuous mode [ 152.627152][ T3569] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.934554][ T6657] process 'syz.2.317' launched './file0' with NULL argv: empty string added [ 154.384999][ T5817] Bluetooth: hci0: command tx timeout [ 155.188145][ T3569] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 155.245738][ T3569] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 155.269931][ T3569] bond0 (unregistering): Released all slaves [ 155.348909][ T6651] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.356252][ T6651] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.597153][ T6579] chnl_net:caif_netlink_parms(): no params data found [ 155.815442][ T6677] 9p: Unknown access argument 18446744073709551615: -34 [ 156.333273][ T38] audit: type=1326 audit(1759200111.183:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.333330][ T38] audit: type=1326 audit(1759200111.193:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.383621][ T38] audit: type=1326 audit(1759200111.243:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.383688][ T38] audit: type=1326 audit(1759200111.243:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.383736][ T38] audit: type=1326 audit(1759200111.243:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.392117][ T38] audit: type=1326 audit(1759200111.253:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.407432][ T38] audit: type=1326 audit(1759200111.253:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.412209][ T38] audit: type=1326 audit(1759200111.273:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.421229][ T38] audit: type=1326 audit(1759200111.283:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 156.464873][ T5817] Bluetooth: hci0: command tx timeout [ 156.484106][ T38] audit: type=1326 audit(1759200111.343:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6684 comm="syz.2.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb76033eec9 code=0x7ffc0000 [ 157.072520][ T6681] netlink: 'syz.4.327': attribute type 6 has an invalid length. [ 157.073833][ T6687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.329'. [ 157.516668][ T5926] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 157.546841][ T6711] loop8: detected capacity change from 0 to 7 [ 157.593205][ T6711] Dev loop8: unable to read RDB block 7 [ 157.593266][ T6711] loop8: unable to read partition table [ 157.593507][ T6711] loop8: partition table beyond EOD, truncated [ 157.593542][ T6711] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 157.679226][ T5926] usb 2-1: Using ep0 maxpacket: 16 [ 157.699066][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.699123][ T5926] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 157.699148][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.757814][ T5926] usb 2-1: config 0 descriptor?? [ 158.214483][ T5926] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 158.306861][ T5905] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 158.495144][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 158.559948][ T5905] usb 4-1: config 0 interface 0 has no altsetting 0 [ 158.560152][ T5905] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00 [ 158.560180][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.726822][ T5905] usb 4-1: config 0 descriptor?? [ 159.146455][ T5926] usb 2-1: USB disconnect, device number 4 [ 159.199670][ T5905] hid (null): bogus close delimiter [ 159.229404][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229449][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229480][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229509][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229538][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229568][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229597][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229625][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229653][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.229680][ T5905] hid-generic 0003:0DFC:0101.0004: unknown main item tag 0x0 [ 159.323618][ T5905] hid-generic 0003:0DFC:0101.0004: item 0 4 0 9 parsing failed [ 159.324542][ T5905] hid-generic 0003:0DFC:0101.0004: probe with driver hid-generic failed with error -22 [ 159.509042][ T5905] usb 4-1: USB disconnect, device number 7 [ 159.671102][ T6579] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.671245][ T6579] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.671482][ T6579] bridge_slave_0: entered allmulticast mode [ 159.705351][ T6579] bridge_slave_0: entered promiscuous mode [ 159.711524][ T6579] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.711704][ T6579] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.712273][ T6579] bridge_slave_1: entered allmulticast mode [ 159.722164][ T6579] bridge_slave_1: entered promiscuous mode [ 160.065559][ T3569] hsr_slave_0: left promiscuous mode [ 160.114983][ T3569] hsr_slave_1: left promiscuous mode [ 160.121102][ T3569] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.121181][ T3569] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.188431][ T3569] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.188468][ T3569] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.392312][ T3569] veth1_macvtap: left promiscuous mode [ 160.392567][ T3569] veth0_macvtap: left promiscuous mode [ 160.415159][ T3569] veth1_vlan: left promiscuous mode [ 160.415680][ T3569] veth0_vlan: left promiscuous mode [ 160.855913][ T5905] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 161.007850][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.007906][ T5905] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 161.007932][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.050525][ T5905] usb 4-1: config 0 descriptor?? [ 161.535636][ T5905] kovaplus 0003:1E7D:2D50.0005: item fetching failed at offset 1/3 [ 161.536464][ T5905] kovaplus 0003:1E7D:2D50.0005: parse failed [ 161.536542][ T5905] kovaplus 0003:1E7D:2D50.0005: probe with driver kovaplus failed with error -22 [ 161.705663][ T5904] usb 4-1: USB disconnect, device number 8 [ 162.308568][ T5817] Bluetooth: hci1: command 0x0406 tx timeout [ 162.436634][ T6763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.357'. [ 162.494207][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.357'. [ 163.868342][ T3569] team0 (unregistering): Port device team_slave_1 removed [ 164.107470][ T3569] team0 (unregistering): Port device team_slave_0 removed [ 166.517894][ T6733] kthread_run failed with err -4 [ 167.720910][ T6579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.738120][ T6579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.163850][ T6579] team0: Port device team_slave_0 added [ 168.196036][ T6579] team0: Port device team_slave_1 added [ 168.790657][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.790676][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.790706][ T6579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.877701][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.877722][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.877752][ T6579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.659753][ T6579] hsr_slave_0: entered promiscuous mode [ 169.666003][ T6579] hsr_slave_1: entered promiscuous mode [ 169.953675][ T6841] warning: `syz.1.384' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 170.124853][ T6846] tun0: tun_chr_ioctl cmd 1074025677 [ 170.125006][ T6846] tun0: linktype set to 776 [ 170.577570][ T6860] Bluetooth: MGMT ver 1.23 [ 170.866477][ T6858] netlink: 'syz.4.389': attribute type 3 has an invalid length. [ 171.225129][ T31] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 171.374995][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 171.382386][ T31] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 171.382417][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.382439][ T31] usb 5-1: Product: syz [ 171.382463][ T31] usb 5-1: Manufacturer: syz [ 171.382479][ T31] usb 5-1: SerialNumber: syz [ 171.460538][ T31] usb 5-1: config 0 descriptor?? [ 171.479688][ T31] gspca_main: se401-2.14.0 probing 047d:5003 [ 171.916476][ T31] gspca_se401: Frame size: 115x0 bayer [ 171.916500][ T31] gspca_se401: Frame size: 0x0 1/16th janggu [ 171.916513][ T31] gspca_se401: Frame size: 0x0 1/16th janggu [ 172.147729][ T31] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7 [ 172.266206][ T31] usb 5-1: USB disconnect, device number 4 [ 172.907585][ T31] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 172.927711][ T6579] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 173.014410][ T6579] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 173.067163][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 173.072269][ T31] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 173.072302][ T31] usb 2-1: config 0 has no interface number 0 [ 173.104387][ T31] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 173.104443][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.104469][ T31] usb 2-1: Product: syz [ 173.104485][ T31] usb 2-1: Manufacturer: syz [ 173.104500][ T31] usb 2-1: SerialNumber: syz [ 173.157176][ T31] usb 2-1: config 0 descriptor?? [ 173.170340][ T6579] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 173.268754][ T6579] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 173.407204][ T31] radio-si470x 2-1:0.35: this is not a si470x device. [ 173.442453][ T31] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 173.665306][ T31] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 173.868104][ T5904] usb 2-1: USB disconnect, device number 5 [ 173.874272][ T5904] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 173.902645][ T6579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.954594][ T6933] program syz.3.414 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 174.020506][ T6579] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.077048][ T171] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.078744][ T171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.126715][ T5926] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 174.208441][ T3622] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.208594][ T3622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.297764][ T5926] usb 3-1: Using ep0 maxpacket: 32 [ 174.305181][ T5926] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 174.305209][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.357626][ T5926] usb 3-1: config 0 descriptor?? [ 174.589653][ T5926] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 174.675118][ T6944] netlink: 56 bytes leftover after parsing attributes in process `syz.4.416'. [ 174.676342][ T5926] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 174.686314][ T5926] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 174.686433][ T5926] usb 3-1: media controller created [ 174.932047][ T5926] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 175.034985][ T5895] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 175.183604][ T5926] az6027: usb out operation failed. (-71) [ 175.192492][ T5926] az6027: usb out operation failed. (-71) [ 175.192513][ T5926] stb0899_attach: Driver disabled by Kconfig [ 175.192524][ T5926] az6027: no front-end attached [ 175.192524][ T5926] [ 175.203469][ T5895] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 175.203502][ T5895] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 175.205838][ T5895] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 175.205869][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 175.205891][ T5895] usb 5-1: SerialNumber: syz [ 175.210823][ T5926] az6027: usb out operation failed. (-71) [ 175.210859][ T5926] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 175.237508][ T5926] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8 [ 175.292789][ T5926] dvb-usb: schedule remote query interval to 400 msecs. [ 175.292887][ T5926] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 175.352152][ T5926] usb 3-1: USB disconnect, device number 4 [ 175.521165][ T5895] usb 5-1: 0:2 : does not exist [ 175.738141][ T6579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.891465][ T5895] usb 5-1: USB disconnect, device number 5 [ 176.072077][ T6899] udevd[6899]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.191634][ T6972] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.422'. [ 176.262953][ T5926] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 176.552193][ T38] kauditd_printk_skb: 1 callbacks suppressed [ 176.552214][ T38] audit: type=1326 audit(1759200643.415:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6980 comm="syz.2.424" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb76033eec9 code=0x0 [ 177.347958][ T6579] veth0_vlan: entered promiscuous mode [ 177.381688][ T6579] veth1_vlan: entered promiscuous mode [ 177.539045][ T6579] veth0_macvtap: entered promiscuous mode [ 177.580628][ T6579] veth1_macvtap: entered promiscuous mode [ 177.765681][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.177569][ T5896] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 178.242167][ T5904] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 178.323650][ T5896] usb 5-1: Using ep0 maxpacket: 8 [ 178.326359][ T5896] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 178.329911][ T5896] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 178.330070][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.330095][ T5896] usb 5-1: Product: syz [ 178.330120][ T5896] usb 5-1: Manufacturer: syz [ 178.330137][ T5896] usb 5-1: SerialNumber: syz [ 178.383718][ T5904] usb 4-1: Using ep0 maxpacket: 16 [ 178.404783][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.404841][ T5904] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 178.404868][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.443384][ T5904] usb 4-1: config 0 descriptor?? [ 178.475552][ T5896] usb 5-1: config 0 descriptor?? [ 178.516956][ T5896] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 178.517110][ T5896] usb 5-1: setting power ON [ 178.519148][ T5896] dvb-usb: bulk message failed: -22 (2/0) [ 178.589088][ T5896] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 178.590492][ T5896] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 178.590632][ T5896] usb 5-1: media controller created [ 178.689792][ T5896] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 178.720823][ T7019] dvb-usb: bulk message failed: -22 (3/0) [ 178.720853][ T7019] dvb-usb: bulk message failed: -22 (4/0) [ 178.720869][ T7019] cxusb: i2c read failed [ 178.721381][ T7019] cxusb: i2c wr: len=8192 is too big! [ 178.721381][ T7019] [ 178.825463][ T7028] loop7: detected capacity change from 0 to 7 [ 178.861731][ T5896] usb 5-1: selecting invalid altsetting 6 [ 178.861756][ T5896] usb 5-1: digital interface selection failed (-22) [ 178.861772][ T5896] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 178.892649][ T5904] mcp2221 0003:04D8:00DD.0006: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 178.908847][ T5896] usb 5-1: setting power OFF [ 178.911030][ T5896] dvb-usb: bulk message failed: -22 (2/0) [ 178.911943][ T5896] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 178.911961][ T5896] (NULL device *): no alternate interface [ 178.915426][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 178.978360][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 178.979205][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 178.985836][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 178.985878][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 179.012505][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 179.012545][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 179.014610][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 179.014649][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 179.015672][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 179.015707][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 179.328062][ T5896] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 179.353567][ T5904] usb 4-1: USB disconnect, device number 9 [ 179.357342][ T5896] usb 5-1: USB disconnect, device number 6 [ 179.401706][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.596752][ T3622] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.618873][ T3622] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.645942][ T3622] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.794540][ T3622] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.493626][ T7053] ip6_vti0: entered allmulticast mode [ 180.529973][ T7051] ip6_vti0: left allmulticast mode [ 180.568717][ T1421] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.568741][ T1421] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.888478][ T3622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.888502][ T3622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.031545][ T7065] netlink: 36 bytes leftover after parsing attributes in process `syz.3.454'. [ 183.586519][ T7117] netlink: 132 bytes leftover after parsing attributes in process `syz.2.474'. [ 183.802493][ T7121] sctp: [Deprecated]: syz.4.477 (pid 7121) Use of struct sctp_assoc_value in delayed_ack socket option. [ 183.802493][ T7121] Use struct sctp_sack_info instead [ 184.108346][ T7130] tap0: tun_chr_ioctl cmd 1074025675 [ 184.108372][ T7130] tap0: persist disabled [ 184.686999][ T7151] netlink: 'syz.3.489': attribute type 3 has an invalid length. [ 185.144976][ T7166] capability: warning: `syz.5.497' uses deprecated v2 capabilities in a way that may be insecure [ 185.527121][ T7179] capability: warning: `syz.4.503' uses 32-bit capabilities (legacy support in use) [ 187.988822][ T1230] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 188.162954][ T1230] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 188.162987][ T1230] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 188.163009][ T1230] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 188.163033][ T1230] usb 5-1: config 1 has no interface number 0 [ 188.163083][ T1230] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 188.163112][ T1230] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 188.163157][ T1230] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 188.163182][ T1230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.309470][ T1230] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 188.504931][ T57] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.966608][ T1230] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 189.125462][ T7242] netlink: 'syz.5.534': attribute type 1 has an invalid length. [ 189.125493][ T7242] netlink: 144 bytes leftover after parsing attributes in process `syz.5.534'. [ 189.125523][ T7242] netlink: 28 bytes leftover after parsing attributes in process `syz.5.534'. [ 189.178496][ T5804] usb 5-1: USB disconnect, device number 7 [ 189.181575][ T5804] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 189.202911][ T7246] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 189.324456][ T57] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.506083][ T5817] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 189.529571][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 189.533979][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 189.544673][ T5817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 189.551351][ T5817] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 190.034444][ T57] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.423841][ T7275] comedi comedi3: comedi_config --init_data is deprecated [ 190.613162][ T57] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.663822][ T5817] Bluetooth: hci4: command tx timeout [ 191.927280][ T7250] chnl_net:caif_netlink_parms(): no params data found [ 192.118036][ T7321] netlink: 'syz.3.561': attribute type 2 has an invalid length. [ 192.754855][ T57] bridge_slave_1: left allmulticast mode [ 192.754892][ T57] bridge_slave_1: left promiscuous mode [ 192.755171][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.941801][ T57] bridge_slave_0: left allmulticast mode [ 192.941839][ T57] bridge_slave_0: left promiscuous mode [ 192.942141][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.746060][ T5817] Bluetooth: hci4: command tx timeout [ 194.154307][ T5817] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 194.676075][ T7379] program syz.3.577 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 195.674978][ T5895] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 195.815652][ T5817] Bluetooth: hci4: command tx timeout [ 195.832588][ T5895] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 195.832623][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.851114][ T5895] usb 2-1: config 0 descriptor?? [ 195.887890][ T5895] cp210x 2-1:0.0: cp210x converter detected [ 196.290652][ T5895] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 196.321326][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 196.322722][ T5895] usb 2-1: cp210x converter now attached to ttyUSB0 [ 196.405641][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 196.449866][ T57] bond0 (unregistering): Released all slaves [ 196.499924][ T5804] usb 2-1: USB disconnect, device number 6 [ 196.550191][ T5804] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 196.714616][ T5804] cp210x 2-1:0.0: device disconnected [ 197.894481][ T5817] Bluetooth: hci4: command tx timeout [ 198.207189][ T38] audit: type=1326 audit(1759200921.079:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.207477][ T38] audit: type=1326 audit(1759200921.079:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.208343][ T38] audit: type=1326 audit(1759200921.079:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.212613][ T38] audit: type=1326 audit(1759200921.079:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.311597][ T38] audit: type=1326 audit(1759200921.079:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.312284][ T38] audit: type=1326 audit(1759200921.179:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5a9e645d67 code=0x7ffc0000 [ 198.312343][ T38] audit: type=1326 audit(1759200921.179:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5a9e5eaf79 code=0x7ffc0000 [ 198.312395][ T38] audit: type=1326 audit(1759200921.179:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.312445][ T38] audit: type=1326 audit(1759200921.179:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7427 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a9e64eec9 code=0x7ffc0000 [ 198.969342][ T7250] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.969785][ T7250] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.970052][ T7250] bridge_slave_0: entered allmulticast mode [ 198.980822][ T7250] bridge_slave_0: entered promiscuous mode [ 199.038083][ T7250] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.038237][ T7250] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.038491][ T7250] bridge_slave_1: entered allmulticast mode [ 199.055473][ T7250] bridge_slave_1: entered promiscuous mode [ 199.659342][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.659407][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.841340][ T57] hsr_slave_0: left promiscuous mode [ 199.897342][ T57] hsr_slave_1: left promiscuous mode [ 199.898377][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 199.898410][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.958276][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 199.958312][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.147578][ T7480] netlink: 'syz.3.614': attribute type 4 has an invalid length. [ 200.233288][ T57] veth1_macvtap: left promiscuous mode [ 200.233415][ T57] veth0_macvtap: left promiscuous mode [ 200.233726][ T57] veth1_vlan: left promiscuous mode [ 200.233923][ T57] veth0_vlan: left promiscuous mode [ 203.878827][ T7526] syz.4.629 (7526) used greatest stack depth: 18696 bytes left [ 203.949177][ T57] team0 (unregistering): Port device team_slave_1 removed [ 204.181790][ T57] team0 (unregistering): Port device team_slave_0 removed [ 206.535329][ T7250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.554529][ T7485] netlink: 16 bytes leftover after parsing attributes in process `syz.3.616'. [ 206.594393][ T7488] netlink: 8 bytes leftover after parsing attributes in process `syz.1.617'. [ 207.147821][ T7250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.330362][ T5817] Bluetooth: hci1: unexpected Set CIG Parameters response data [ 207.332374][ T5817] Bluetooth: hci1: unexpected event for opcode 0x2062 [ 207.623533][ T7250] team0: Port device team_slave_0 added [ 207.671470][ T7250] team0: Port device team_slave_1 added [ 207.749163][ T5926] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 207.931733][ T5926] usb 2-1: config 128 has an invalid interface number: 72 but max is 0 [ 207.931767][ T5926] usb 2-1: config 128 has no interface number 0 [ 207.931822][ T5926] usb 2-1: config 128 interface 72 has no altsetting 0 [ 207.935619][ T5926] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=e9.21 [ 207.935651][ T5926] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.935673][ T5926] usb 2-1: Product: syz [ 207.935689][ T5926] usb 2-1: Manufacturer: syz [ 207.935705][ T5926] usb 2-1: SerialNumber: syz [ 207.995349][ T7550] netlink: 104 bytes leftover after parsing attributes in process `syz.3.640'. [ 208.220318][ T7250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.220337][ T7250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.220367][ T7250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.222901][ T7250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.222917][ T7250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.222946][ T7250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.261290][ T7554] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 208.416856][ T5926] usb 2-1: USB disconnect, device number 7 [ 208.781163][ T7565] netlink: 148 bytes leftover after parsing attributes in process `syz.3.645'. [ 208.925894][ T7250] hsr_slave_0: entered promiscuous mode [ 208.927328][ T7250] hsr_slave_1: entered promiscuous mode [ 208.954777][ T7250] debugfs: 'hsr0' already exists in 'hsr' [ 208.954809][ T7250] Cannot create hsr debugfs directory [ 209.189332][ T7568] syz.5.647 (7568) used greatest stack depth: 16696 bytes left [ 209.321999][ T7583] netlink: 'syz.5.651': attribute type 1 has an invalid length. [ 209.322025][ T7583] netlink: 'syz.5.651': attribute type 1 has an invalid length. [ 209.322040][ T7583] netlink: 160 bytes leftover after parsing attributes in process `syz.5.651'. [ 209.322074][ T7583] netlink: 'syz.5.651': attribute type 1 has an invalid length. [ 209.322088][ T7583] netlink: 12 bytes leftover after parsing attributes in process `syz.5.651'. [ 209.432824][ T7588] netlink: 64 bytes leftover after parsing attributes in process `syz.3.653'. [ 210.970420][ T7250] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 211.100262][ T7250] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 211.188250][ T7634] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.670'. [ 211.188519][ T7250] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 211.257571][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.673'. [ 211.266832][ T7639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.673'. [ 211.271733][ T7250] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 211.411155][ T5817] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 211.411283][ T5817] Bluetooth: hci1: Injecting HCI hardware error event [ 211.413737][ T5817] Bluetooth: hci1: hardware error 0x00 [ 212.011860][ T7250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.333885][ T7250] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.418646][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.418812][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.582381][ T3569] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.582662][ T3569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.646733][ T5817] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 213.656153][ T5904] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 213.816374][ T5904] usb 2-1: Using ep0 maxpacket: 32 [ 213.819506][ T5904] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 213.819536][ T5904] usb 2-1: config 0 has no interface number 0 [ 213.819613][ T5904] usb 2-1: config 0 interface 12 has no altsetting 0 [ 213.825324][ T5904] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 213.825357][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.825380][ T5904] usb 2-1: Product: syz [ 213.825396][ T5904] usb 2-1: Manufacturer: syz [ 213.825412][ T5904] usb 2-1: SerialNumber: syz [ 213.864225][ T5904] usb 2-1: config 0 descriptor?? [ 214.953836][ T5904] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 214.953915][ T5904] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 214.953935][ T5904] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 214.954172][ T5904] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 215.044440][ T5904] usb 2-1: USB disconnect, device number 8 [ 216.039496][ T7250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.097533][ T7730] ipvlan2: entered promiscuous mode [ 217.127643][ T7730] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 217.157453][ T7730] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 218.231324][ T7750] netlink: 12 bytes leftover after parsing attributes in process `syz.4.708'. [ 221.395161][ C0] sched: DL replenish lagged too much [ 222.612089][ T5827] Bluetooth: hci3: command 0x0406 tx timeout [ 222.629391][ T5827] Bluetooth: hci2: command 0x0406 tx timeout [ 222.830049][ T5825] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 222.830478][ T5825] Bluetooth: hci3: Injecting HCI hardware error event [ 263.576993][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 263.585964][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 267.054628][ T5817] Bluetooth: hci3: hardware error 0x00 [ 276.798774][ T5825] Bluetooth: hci0: command 0x0406 tx timeout [ 298.543446][ T5827] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 299.937062][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 301.825007][ T5832] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 303.165168][ T7808] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 303.182802][ T7808] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 303.202257][ T7808] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 303.203644][ T7808] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 303.205363][ T7808] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 303.206221][ T7808] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 303.243432][ T7808] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 303.617030][ T5832] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 303.636667][ T5832] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 303.638079][ T5832] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 303.639852][ T5832] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 303.655407][ T5832] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 307.189069][ T7801] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 312.754718][ T5832] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 313.972295][ T5832] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 314.572720][ T7808] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 315.790627][ T7808] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 315.792009][ T7808] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 326.293481][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 326.363784][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.216751][ T7250] veth0_vlan: entered promiscuous mode [ 336.572464][ T5827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 336.614063][ T5827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 336.675116][ T5827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 336.676952][ T5827] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 336.677810][ T5827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 337.083904][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 357.768971][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 358.968135][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 358.973422][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 358.974920][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 358.975845][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 363.168887][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 363.169398][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 363.169834][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 363.174545][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 363.175414][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 371.515080][ T7828] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 371.773132][ T7828] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 371.775851][ T7828] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 371.778168][ T7828] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 371.779054][ T7828] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 380.630041][ T7821] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 381.160988][ T7821] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 381.612103][ T7821] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 383.199522][ T7821] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 384.287605][ T7828] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 384.288468][ T7828] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 385.280827][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.317494][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 387.229071][ T7821] Bluetooth: hci10: command 0x1003 tx timeout [ 387.378021][ T59] Bluetooth: hci10: Opcode 0x1003 failed: -110 [ 387.588616][ T7821] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 393.634419][ T7821] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 394.904214][ T7821] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 396.574670][ T7821] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 399.869907][ T7821] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 399.871032][ T7821] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 412.121517][ T5817] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 413.178469][ T7834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 415.499436][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 417.961457][ T7837] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 419.079693][ T7828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 419.729258][ T39] INFO: task kworker/u8:10:3118 blocked for more than 143 seconds. [ 419.729305][ T39] Not tainted syzkaller #0 [ 419.729317][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 419.729331][ T39] task:kworker/u8:10 state:D stack:20584 pid:3118 tgid:3118 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 419.729399][ T39] Workqueue: ipv6_addrconf addrconf_dad_work [ 419.729442][ T39] Call Trace: [ 419.729453][ T39] [ 419.729471][ [ 419.729471][ T39] __schedule+0x16f3/0x4c20 [ 419.729531][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.729559][ T39] ? __pfx___schedule+0x10/0x10 [ 419.729615][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 419.729641][ T39] rt_mutex_schedule+0x77/0xf0 [ 419.729674][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 419.729705][ T39] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 419.729755][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 419.729789][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 419.729821][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 419.729863][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.729890][ T39] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 419.729923][ T39] ? addrconf_dad_work+0x119/0x15a0 [ 419.729949][ T39] mutex_lock_nested+0x16a/0x1d0 [ 419.729978][ T39] ? addrconf_dad_work+0x119/0x15a0 [ 419.730009][ T39] addrconf_dad_work+0x119/0x15a0 [ 419.730040][ T39] ? __lock_acquire+0xab9/0xd20 [ 419.730082][ T39] ? __pfx_addrconf_dad_work+0x10/0x10 [ 419.730110][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 419.730148][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 419.730170][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 419.730199][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 419.730232][ T39] process_scheduled_works+0xae1/0x17b0 [ 419.730296][ T39] ? __pfx_process_scheduled_works+0x10/0x10 [ 419.730346][ T39] worker_thread+0x8a0/0xda0 [ 419.730407][ T39] kthread+0x711/0x8a0 [ 419.730434][ T39] ? __pfx_worker_thread+0x10/0x10 [ 419.730466][ T39] ? __pfx_kthread+0x10/0x10 [ 419.730493][ T39] ? __pfx_kthread+0x10/0x10 [ 419.730528][ T39] ret_from_fork+0x436/0x7d0 [ 419.730565][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 419.730605][ T39] ? __switch_to_asm+0x39/0x70 [ 419.730629][ T39] ? __switch_to_asm+0x33/0x70 [ 419.730652][ T39] ? __pfx_kthread+0x10/0x10 [ 419.730685][ T39] ret_from_fork_asm+0x1a/0x30 [ 419.730727][ T39] [ 419.730749][ T39] INFO: task dhcpcd:5480 blocked for more than 143 seconds. [ 419.730765][ T39] Not tainted syzkaller #0 [ 419.730776][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 419.730787][ T39] task:dhcpcd state:D stack:21072 pid:5480 tgid:5480 ppid:5479 task_flags:0x400140 flags:0x00004002 [ 419.730850][ T39] Call Trace: [ 419.730858][ T39] [ 419.730872][ T39] __schedule+0x16f3/0x4c20 [ 419.730914][ T39] ? kernel_text_address+0xa5/0xe0 [ 419.730941][ T39] ? __kernel_text_address+0xd/0x40 [ 419.730965][ T39] ? unwind_get_return_address+0x4d/0x90 [ 419.731002][ T39] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 419.731030][ T39] ? arch_stack_walk+0xfc/0x150 [ 419.731061][ T39] ? __pfx___schedule+0x10/0x10 [ 419.731117][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 419.731143][ T39] rt_mutex_schedule+0x77/0xf0 [ 419.731167][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 419.731197][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 419.731247][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 419.731281][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 419.731313][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 419.731356][ T39] ? rtnl_dumpit+0x92/0x200 [ 419.731393][ T39] ? rcu_is_watching+0x15/0xb0 [ 419.731417][ T39] ? trace_kmalloc+0x1f/0xd0 [ 419.731449][ T39] ? __kmalloc_node_track_caller_noprof+0x213/0x450 [ 419.731492][ T39] ? rtnl_dumpit+0x92/0x200 [ 419.731523][ T39] mutex_lock_nested+0x16a/0x1d0 [ 419.731551][ T39] ? __build_skb_around+0x257/0x3e0 [ 419.731590][ T39] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 419.731626][ T39] rtnl_dumpit+0x92/0x200 [ 419.731671][ T39] netlink_dump+0x6e4/0xe90 [ 419.731720][ T39] ? __pfx_netlink_dump+0x10/0x10 [ 419.731752][ T39] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 419.731776][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.731826][ T39] __netlink_dump_start+0x5cb/0x7e0 [ 419.731870][ T39] rtnetlink_rcv_msg+0x9eb/0xb70 [ 419.731907][ T39] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 419.731943][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 419.731977][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 419.732011][ T39] ? __pfx_rtnl_dumpit+0x10/0x10 [ 419.732044][ T39] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 419.732094][ T39] netlink_rcv_skb+0x205/0x470 [ 419.732126][ T39] ? __lock_acquire+0xab9/0xd20 [ 419.732160][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 419.732198][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 419.732246][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 419.732290][ T39] netlink_unicast+0x843/0xa10 [ 419.732333][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 419.732367][ T39] ? netlink_sendmsg+0x642/0xb30 [ 419.732401][ T39] ? skb_put+0x11b/0x210 [ 419.732428][ T39] netlink_sendmsg+0x805/0xb30 [ 419.732474][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.732520][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 419.732546][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 419.732583][ T39] __sock_sendmsg+0x219/0x270 [ 419.732619][ T39] __sys_sendto+0x3c7/0x520 [ 419.732646][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 419.732799][ T39] ? rcu_is_watching+0x15/0xb0 [ 419.732831][ T39] __x64_sys_sendto+0xde/0x100 [ 419.732858][ T39] do_syscall_64+0xfa/0x3b0 [ 419.732881][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.732903][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.732927][ T39] ? clear_bhb_loop+0x60/0xb0 [ 419.732956][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.732979][ T39] RIP: 0033:0x7ff05620e407 [ 419.733008][ T39] RSP: 002b:00007ffc73e2db20 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 419.733032][ T39] RAX: ffffffffffffffda RBX: 00007ff056184740 RCX: 00007ff05620e407 [ 419.733050][ T39] RDX: 0000000000000014 RSI: 00007ffc73e2dbb0 RDI: 000000000000001e [ 419.733065][ T39] RBP: 00007ffc73e2db94 R08: 00007ffc73e2db94 R09: 000000000000000c [ 419.733080][ T39] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc73e4e4a0 [ 419.733095][ T39] R13: 00007ff0561846c8 R14: 00007ffc73e2dc90 R15: 00007ffc73e3e270 [ 419.733131][ T39] [ 419.733210][ T39] [ 419.733210][ T39] Showing all locks held in the system: [ 419.733221][ T39] 2 locks held by kworker/0:1/10: [ 419.733236][ T39] 2 locks held by ksoftirqd/0/15: [ 419.733248][ T39] #0: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.733336][ T39] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.733398][ T39] 4 locks held by pr/legacy/17: [ 419.733413][ T39] 2 locks held by rcuc/1/28: [ 419.733425][ T39] #0: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.733485][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.733547][ T39] 6 locks held by ktimers/1/29: [ 419.733560][ T39] 2 locks held by ksoftirqd/1/30: [ 419.733572][ T39] #0: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.733632][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.733703][ T39] 7 locks held by kworker/u8:2/37: [ 419.733716][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.733777][ T39] #1: ffffc90000ac7bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.733841][ T39] #2: ffff8880361ca300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 419.733896][ T39] #3: ffff88803401f120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 419.733950][ T39] #4: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 419.734009][ T39] #5: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.734070][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.734130][ T39] 1 lock held by khungtaskd/39: [ 419.734143][ T39] #0: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 419.734203][ T39] 5 locks held by kworker/u8:3/57: [ 419.734216][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.734277][ T39] #1: ffffc9000123fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.734339][ T39] #2: ffff88805f140898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 419.734407][ T39] #3: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.734466][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.734528][ T39] 4 locks held by kworker/u9:0/59: [ 419.734541][ T39] #0: ffff88802efc2138 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.734612][ T39] #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.734681][ T39] #2: ffff88802ecec0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 419.734751][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 419.734823][ T39] 4 locks held by kworker/0:2/989: [ 419.734843][ T39] #0: ffff888035cf7538 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.734910][ T39] #1: ffffc900047e7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.734992][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.735052][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.735115][ T39] 4 locks held by kworker/u8:6/1113: [ 419.735128][ T39] #0: ffff88814d980938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.735189][ T39] #1: ffffc90004a57bc0 ((work_completion)(&(&bat_priv->dat.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.735252][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.735311][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.735372][ T39] 5 locks held by kworker/u8:7/1121: [ 419.735387][ T39] 2 locks held by irq/34-virtio1-/1185: [ 419.735400][ T39] #0: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.735459][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.735522][ T39] 2 locks held by kworker/1:2/1230: [ 419.735540][ T39] #0: ffff888019498538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.735602][ T39] #1: ffffc90004e47bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.735670][ T39] 5 locks held by kworker/u8:9/1421: [ 419.735696][ T39] 3 locks held by kworker/u8:10/3118: [ 419.735709][ T39] #0: ffff88802fd58938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.735770][ T39] #1: ffffc9000cd37bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.735832][ T39] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 [ 419.735892][ T39] 5 locks held by kworker/u8:12/3622: [ 419.735905][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.735967][ T39] #1: ffffc9000d577bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.736029][ T39] #2: ffff88802ffa0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 419.736095][ T39] #3: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.736155][ T39] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.736217][ T39] 4 locks held by kworker/u9:1/5134: [ 419.736230][ T39] #0: ffff8880607d6938 ((wq_completion)hci0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.736291][ T39] #1: ffffc9000f9c7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.736353][ T39] #2: ffff888033048e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 419.736413][ T39] #3: ffff8880330480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 419.736466][ T39] 1 lock held by jbd2/sda1-8/5147: [ 419.736480][ T39] 2 locks held by dhcpcd/5480: [ 419.736492][ T39] #0: ffff88803b0d4910 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 419.736556][ T39] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200 [ 419.736620][ T39] 2 locks held by crond/5559: [ 419.736633][ T39] 2 locks held by getty/5575: [ 419.736645][ T39] #0: ffff88823bf7e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 419.736707][ T39] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 419.736771][ T39] 3 locks held by syz-executor/5803: [ 419.736783][ T39] #0: ffff88803a921290 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_recvmsg+0xd3/0x560 [ 419.736845][ T39] #1: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.736906][ T39] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.736968][ T39] 4 locks held by kworker/1:3/5824: [ 419.736981][ T39] #0: ffff88805b746538 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.737047][ T39] #1: ffffc90004bd7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.737129][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.737190][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.737251][ T39] 4 locks held by kworker/u9:3/5825: [ 419.737264][ T39] #0: ffff88805effb138 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.737329][ T39] #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.737391][ T39] #2: ffff88807cb200a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 419.737452][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 419.737515][ T39] 4 locks held by kworker/u9:4/5827: [ 419.737527][ T39] #0: ffff88805d373138 ((wq_completion)hci6#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.737594][ T39] #1: ffffc90004c27bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.737662][ T39] #2: ffff88808450c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 419.737723][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 419.737784][ T39] 4 locks held by kworker/u9:5/5831: [ 419.737797][ T39] #0: ffff888035dac138 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.737863][ T39] #1: ffffc90004c57bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.737924][ T39] #2: ffff8880844e80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 419.737986][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 419.738048][ T39] 4 locks held by kworker/u9:6/5832: [ 419.738061][ T39] #0: ffff888033159938 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.738127][ T39] #1: ffffc90004c67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.738188][ T39] #2: ffff8880326ac0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1500 [ 419.738255][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 419.738322][ T39] 5 locks held by kworker/0:4/5895: [ 419.738336][ T39] #0: ffff88805b746538 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.738402][ T39] #1: ffffc900050a7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.738484][ T39] #2: ffff88805bd4d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 419.738548][ T39] #3: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.738607][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.738683][ T39] 4 locks held by kworker/1:5/5903: [ 419.738696][ T39] #0: ffff88805be5b538 ((wq_completion)wg-kex-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.738763][ T39] #1: ffffc90005127bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.738844][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.738904][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.738965][ T39] 3 locks held by kworker/0:5/5905: [ 419.738978][ T39] 3 locks held by kworker/0:6/5926: [ 419.738992][ T39] 4 locks held by syz.4.130/6242: [ 419.739004][ T39] #0: ffff888038c90e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 419.739066][ T39] #1: ffff888038c900a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 419.739132][ T39] #2: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 419.739188][ T39] #3: ffff888026827358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 419.739252][ T39] 1 lock held by syz.3.716/7777: [ 419.739265][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 419.739317][ T39] 4 locks held by kworker/0:8/7774: [ 419.739330][ T39] #0: ffff888019499938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.739393][ T39] #1: ffffc9000457fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.739455][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.739515][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.739577][ T39] 4 locks held by kworker/0:10/7779: [ 419.739590][ T39] #0: ffff888019499938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.739651][ T39] #1: ffffc9000158fbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.739718][ T39] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 419.739772][ T39] #3: ffff88805f140898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: reg_check_chans_work+0x164/0xf30 [ 419.739826][ T39] 4 locks held by kworker/0:12/7781: [ 419.739840][ T39] 7 locks held by kworker/u8:16/7784: [ 419.739853][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.739914][ T39] #1: ffffc9000156fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.739979][ T39] #2: ffff88802a131300 (&devlink->lock_key#7){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 419.740038][ T39] #3: ffff88805e167120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 419.740092][ T39] #4: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 419.740149][ T39] #5: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.740209][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.740271][ T39] 1 lock held by syz.1.718/7786: [ 419.740283][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 419.740336][ T39] 7 locks held by kworker/u8:17/7791: [ 419.740349][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.740411][ T39] #1: ffffc900045efbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.740474][ T39] #2: ffff88805dea8300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 419.740534][ T39] #3: ffff88805de25920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 419.740587][ T39] #4: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 419.740647][ T39] #5: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.740717][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.740778][ T39] 4 locks held by kworker/1:11/7794: [ 419.740792][ T39] 4 locks held by kworker/1:13/7796: [ 419.740805][ T39] #0: ffff8880345e6538 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.740866][ T39] #1: ffffc900047f7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.740941][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.741001][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.741062][ T39] 3 locks held by kworker/1:14/7797: [ 419.741075][ T39] #0: ffff888019498538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.741135][ T39] #1: ffffc90004807bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.741196][ T39] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 419.741256][ T39] 1 lock held by syz-executor/7802: [ 419.741269][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 419.741328][ T39] 5 locks held by kworker/0:14/7804: [ 419.741341][ T39] #0: ffff8880345e6538 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.741408][ T39] #1: ffffc90006217bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.741492][ T39] #2: ffff8880217683f8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 419.741553][ T39] #3: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.741613][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.741681][ T39] 5 locks held by kworker/u9:7/7808: [ 419.741694][ T39] #0: ffff888060f09138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.741755][ T39] #1: ffffc9000153fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.741816][ T39] #2: ffff888030dd4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 419.741874][ T39] #3: ffff888030dd40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 419.741926][ T39] #4: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 419.741979][ T39] 1 lock held by syz-executor/7811: [ 419.741992][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 419.742050][ T39] 7 locks held by kworker/u8:19/7813: [ 419.742063][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.742123][ T39] #1: ffffc900047d7bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 419.742187][ T39] #2: ffff888039879300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 419.742246][ T39] #3: ffff88805de24520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 419.742299][ T39] #4: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 419.742358][ T39] #5: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 419.742418][ T39] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 419.742480][ T39] 1 lock held by syz-executor/7817: [ 419.742493][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 419.742551][ T39] 4 locks held by kworker/1:19/7818: [ 419.742564][ T39] #0: ffff888019499138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 419.742625][ T39] #1: ffffc9000453fbc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 420.242527][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 420.242602][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 420.242666][ T39] 4 locks held by kworker/u9:8/7821: [ 420.242681][ T39] #0: ffff88804c142938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 420.242748][ T39] #1: ffffc90005fe7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 420.242811][ T39] #2: ffff888090e140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 420.242874][ T39] #3: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 420.242937][ T39] 1 lock held by syz-executor/7824: [ 420.242950][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 420.243010][ T39] 1 lock held by syz-executor/7831: [ 420.243023][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 420.243081][ T39] 1 lock held by syz-executor/7833: [ 420.243094][ T39] 1 lock held by syz-executor/7835: [ 420.243108][ T39] 4 locks held by syz-executor/7838: [ 420.243123][ T39] [ 420.243130][ T39] ============================================= [ 420.243130][ T39] [ 420.243159][ T39] NMI backtrace for cpu 1 [ 420.243185][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.243210][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.243224][ T39] Call Trace: [ 420.243233][ T39] [ 420.243243][ T39] dump_stack_lvl+0x189/0x250 [ 420.243285][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.243321][ T39] ? __pfx__printk+0x10/0x10 [ 420.243365][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 420.243400][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 420.243435][ T39] ? __pfx__printk+0x10/0x10 [ 420.243469][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 420.243502][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 420.243537][ T39] watchdog+0xf93/0xfe0 [ 420.243582][ T39] ? watchdog+0x1de/0xfe0 [ 420.243621][ T39] kthread+0x711/0x8a0 [ 420.243646][ T39] ? __pfx_watchdog+0x10/0x10 [ 420.243676][ T39] ? __pfx_kthread+0x10/0x10 [ 420.243703][ T39] ? __pfx_kthread+0x10/0x10 [ 420.243725][ T39] ret_from_fork+0x436/0x7d0 [ 420.243759][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 420.243798][ T39] ? __switch_to_asm+0x39/0x70 [ 420.243821][ T39] ? __switch_to_asm+0x33/0x70 [ 420.243842][ T39] ? __pfx_kthread+0x10/0x10 [ 420.243865][ T39] ret_from_fork_asm+0x1a/0x30 [ 420.243906][ T39] [ 420.243915][ T39] Sending NMI from CPU 1 to CPUs 0: [ 420.243943][ C0] NMI backtrace for cpu 0 [ 420.243959][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.243992][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.244009][ C0] RIP: 0010:unwind_next_frame+0x12fc/0x2390 [ 420.244045][ C0] Code: d5 48 89 d5 48 89 d8 48 29 e8 48 89 c1 48 c1 f9 02 48 c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 <48> c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 27 [ 420.244060][ C0] RSP: 0018:ffffc900001569f8 EFLAGS: 00000286 [ 420.244076][ C0] RAX: ffffffff8f1efde4 RBX: ffffffff8f1efde8 RCX: 0000000000000002 [ 420.244089][ C0] RDX: ffffffff8f1efde0 RSI: ffffffff8fbe7fa2 RDI: ffffffff8b1d4880 [ 420.244104][ C0] RBP: ffffffff8f1efde0 R08: 0000000000000003 R09: ffffffff81721165 [ 420.244117][ C0] R10: ffffc90000156b18 R11: ffffffff81a94d40 R12: ffffffff88f6b1ac [ 420.244130][ C0] R13: ffffffff8f1efde0 R14: ffffc90000156ac8 R15: ffffffff8f1efde4 [ 420.244145][ C0] FS: 0000000000000000(0000) GS:ffff888127025000(0000) knlGS:0000000000000000 [ 420.244160][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 420.244172][ C0] CR2: 00007fa3f384ed00 CR3: 000000001c37c000 CR4: 00000000003526f0 [ 420.244188][ C0] Call Trace: [ 420.244195][ C0] [ 420.244206][ C0] ? unwind_next_frame+0xa5/0x2390 [ 420.244234][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 420.244258][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 420.244281][ C0] arch_stack_walk+0x11c/0x150 [ 420.244307][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 420.244331][ C0] stack_trace_save+0x9c/0xe0 [ 420.244351][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 420.244374][ C0] ? ip6_finish_output2+0x710/0x1720 [ 420.244404][ C0] ? __lock_acquire+0xab9/0xd20 [ 420.244430][ C0] kasan_save_track+0x3e/0x80 [ 420.244453][ C0] ? kasan_save_track+0x3e/0x80 [ 420.244475][ C0] ? kasan_save_free_info+0x46/0x50 [ 420.244493][ C0] ? __kasan_slab_free+0x5b/0x80 [ 420.244517][ C0] ? kmem_cache_free+0x195/0x510 [ 420.244543][ C0] ? skb_release_data+0x62d/0x7c0 [ 420.244563][ C0] ? consume_skb+0x9e/0xf0 [ 420.244580][ C0] ? nft_synproxy_eval_v6+0x376/0x560 [ 420.244601][ C0] ? nft_synproxy_do_eval+0x3d7/0x570 [ 420.244622][ C0] ? nft_do_chain+0x409/0x1920 [ 420.244641][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 420.244688][ C0] kasan_save_free_info+0x46/0x50 [ 420.244707][ C0] __kasan_slab_free+0x5b/0x80 [ 420.244730][ C0] ? skb_release_data+0x62d/0x7c0 [ 420.244748][ C0] kmem_cache_free+0x195/0x510 [ 420.244778][ C0] skb_release_data+0x62d/0x7c0 [ 420.244803][ C0] consume_skb+0x9e/0xf0 [ 420.244820][ C0] nft_synproxy_eval_v6+0x376/0x560 [ 420.244845][ C0] ? __pfx_nft_synproxy_eval_v6+0x10/0x10 [ 420.244869][ C0] ? nf_ip_checksum+0x13c/0x510 [ 420.244893][ C0] nft_synproxy_do_eval+0x3d7/0x570 [ 420.244918][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 420.244939][ C0] ? __local_bh_enable_ip+0x1b2/0x270 [ 420.244963][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.244989][ C0] nft_do_chain+0x409/0x1920 [ 420.245018][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 420.245037][ C0] ? ipv6_find_hdr+0xc78/0x1050 [ 420.245087][ C0] nft_do_chain_inet+0x25d/0x340 [ 420.245107][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 420.245128][ C0] ? __lock_acquire+0xab9/0xd20 [ 420.245160][ C0] ? NF_HOOK+0x9a/0x3a0 [ 420.245186][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 420.245208][ C0] nf_hook_slow+0xc2/0x220 [ 420.245239][ C0] NF_HOOK+0x206/0x3a0 [ 420.245266][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 420.245294][ C0] ? NF_HOOK+0x9a/0x3a0 [ 420.245325][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 420.245353][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 420.245388][ C0] ip6_input+0x16a/0x270 [ 420.245415][ C0] ? ip6_input+0x23/0x270 [ 420.245443][ C0] NF_HOOK+0x30c/0x3a0 [ 420.245470][ C0] ? skb_orphan+0xaf/0xd0 [ 420.245497][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 420.245523][ C0] ? NF_HOOK+0x9a/0x3a0 [ 420.245549][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 420.245578][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 420.245611][ C0] __netif_receive_skb+0xd3/0x380 [ 420.245636][ C0] ? rt_spin_unlock+0x65/0x80 [ 420.245663][ C0] ? process_backlog+0x27b/0x900 [ 420.245690][ C0] process_backlog+0x31e/0x900 [ 420.245725][ C0] __napi_poll+0xb6/0x540 [ 420.245752][ C0] net_rx_action+0x707/0xe00 [ 420.245790][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 420.245838][ C0] handle_softirqs+0x22f/0x710 [ 420.245867][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 420.245899][ C0] run_ktimerd+0xcf/0x190 [ 420.245925][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 420.245952][ C0] ? schedule+0x91/0x360 [ 420.245983][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 420.246008][ C0] smpboot_thread_fn+0x542/0xa60 [ 420.246034][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 420.246064][ C0] kthread+0x711/0x8a0 [ 420.246082][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 420.246107][ C0] ? __pfx_kthread+0x10/0x10 [ 420.246127][ C0] ? __pfx_kthread+0x10/0x10 [ 420.246144][ C0] ret_from_fork+0x436/0x7d0 [ 420.246171][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 420.246200][ C0] ? __switch_to_asm+0x39/0x70 [ 420.246219][ C0] ? __switch_to_asm+0x33/0x70 [ 420.246237][ C0] ? __pfx_kthread+0x10/0x10 [ 420.246254][ C0] ret_from_fork_asm+0x1a/0x30 [ 420.246282][ C0] [ 420.246945][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 420.246967][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.246993][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 420.247006][ T39] Call Trace: [ 420.247015][ T39] [ 420.247024][ T39] dump_stack_lvl+0x99/0x250 [ 420.247061][ T39] ? __asan_memcpy+0x40/0x70 [ 420.247088][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.247125][ T39] ? __pfx__printk+0x10/0x10 [ 420.247167][ T39] vpanic+0x281/0x750 [ 420.247194][ T39] ? __pfx_vpanic+0x10/0x10 [ 420.247214][ T39] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 420.247241][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.247274][ T39] panic+0xb9/0xc0 [ 420.247296][ T39] ? __pfx_panic+0x10/0x10 [ 420.247322][ T39] ? irq_work_queue+0xc3/0x140 [ 420.247358][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 420.247394][ T39] watchdog+0xfd2/0xfe0 [ 420.247431][ T39] ? watchdog+0x1de/0xfe0 [ 420.247470][ T39] kthread+0x711/0x8a0 [ 420.247494][ T39] ? __pfx_watchdog+0x10/0x10 [ 420.247526][ T39] ? __pfx_kthread+0x10/0x10 [ 420.247560][ T39] ? __pfx_kthread+0x10/0x10 [ 420.247583][ T39] ret_from_fork+0x436/0x7d0 [ 420.247617][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 420.247656][ T39] ? __switch_to_asm+0x39/0x70 [ 420.247678][ T39] ? __switch_to_asm+0x33/0x70 [ 420.247700][ T39] ? __pfx_kthread+0x10/0x10 [ 420.247719][ T39] ret_from_fork_asm+0x1a/0x30 [ 420.247757][ T39] [ 420.248110][ T39] Kernel Offset: disabled