last executing test programs: 5m2.208531237s ago: executing program 0 (id=1): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc01100, 0x0, 0x0, 0x0, 0x2) munlockall() madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x66) 4m55.834166578s ago: executing program 0 (id=21): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) write$rfkill(r0, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) open(&(0x7f0000000280)='.\x00', 0x111080, 0x10a) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 4m40.633072889s ago: executing program 32 (id=21): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) write$rfkill(r0, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) open(&(0x7f0000000280)='.\x00', 0x111080, 0x10a) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 31.165261034s ago: executing program 3 (id=584): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000850) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1ba963e886ce68"], 0x50) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x368, 0x180, 0x940c, 0x3002, 0x180, 0x2c0, 0x298, 0x3d8, 0x3d8, 0x298, 0x3d8, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @private1, [0xffffff00, 0xffffff00, 0xffffffff, 0xffffff00], [0xffffffff, 0xffffffff, 0xff000000, 0xff], 'geneve0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x84, 0x81, 0x2, 0x1d}, 0x0, 0x120, 0x180, 0x0, {}, [@common=@hl={{0x28}, {0x1, 0x7}}, @common=@inet=@multiport={{0x50}, {0x1, 0xb, [0x4e24, 0x4e22, 0x4e23, 0x4e22, 0x4e24, 0x4e24, 0x4e21, 0x4e22, 0x4e20, 0x4e20, 0x4e23, 0x4e24, 0x4e22, 0x4e22, 0x4e21], [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x10]}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@broadcast, [0x0, 0xff000000, 0xffffffff, 0xff], 0x4e24, 0x4e21, 0x4e22, 0x4e21, 0xf, 0x21e8, 0x9, 0x1, 0x1}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xe}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast1, 'veth1_to_team\x00', {0x12}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c8) ioctl$BTRFS_IOC_DEFRAG(0xffffffffffffffff, 0x50009402, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x22, 0x2, 0x3, &(0x7f0000000240)) 28.784325629s ago: executing program 3 (id=587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0xffffffffffffffff}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) 23.614679641s ago: executing program 3 (id=598): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x3, 0x8, &(0x7f0000000940)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000100000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r4}, &(0x7f0000000540), &(0x7f0000000580)=r5}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r4, &(0x7f0000000780)}, 0x20) 22.115799877s ago: executing program 3 (id=600): r0 = socket$inet_smc(0x2b, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200047ee, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r1, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000200)=0x1, 0x4) connect$inet(r2, 0x0, 0x0) 21.574894807s ago: executing program 3 (id=603): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x4, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0x2}]}}}}}}}, 0x0) 21.229729866s ago: executing program 3 (id=604): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r2, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 10.824004003s ago: executing program 4 (id=620): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x95d, 0xfa39, 0xc1, 0x0, 0x0) io_uring_enter(r1, 0xedd, 0x8acb, 0x41, 0x0, 0x0) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) 10.602960176s ago: executing program 2 (id=621): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) open$dir(&(0x7f0000000480)='./file0\x00', 0x103680, 0x20) open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x4000000e) ftruncate(r3, 0x2000009) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(0xffffffffffffffff, r4, 0x3, 0x0) sendmmsg$inet(r2, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x0, &(0x7f0000000080)}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 9.326093333s ago: executing program 4 (id=624): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b0000000200000009000100"], 0x7c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x4, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0x2}]}}}}}}}, 0x0) 8.917952088s ago: executing program 4 (id=626): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_BATCH(r0, 0x0, 0x40) 8.366452507s ago: executing program 4 (id=627): socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f0b2ad1eb9769d74e4f1feff374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc57"], &(0x7f0000000140)='GPL\x00'}, 0x94) r0 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r0, 0x0, 0x20000811) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, &(0x7f0000000180)='400:\x00\x8e\xf7\xd4\t\xe1\xae\x19\xe5\xf7c\x84\x9c\x06\x00\x00\x00\x11\x01\xf2 \xec\xbe#\'S\xc4\xbd\xb5\x1e\x98MM\x06\x1a\x7f5U\x18\x90\x99\xb2\xfa\')Z\x9ew\xae\xe8\xdd\b\t\xf0\xc4\xbfj\xb6\x88/)~\x93E\x1d4\xa7\xcb\xeb\x0f\xd4(\xb6>\x87\xc3\t\xb0\x80\xf7\xe6\x8b?\xa4\xb3\b\x00\x81\xbe\xea\x1f\xfe\xed\x9d\x1a\x8aQ\xafQ\x06\x0fJ\xc0\xc0=}\x7f\xaeB\xb1\xed\xa4\xf3c#\xbe\b\x1f\xa4L[\xfa\x01Uu\xe0\x8b\x94E\xda\xd9j\x93\xc8~\xd9\x82\x8f\xcam\x17\xa2\xed\xf3\xc3_h\xfc6\t\x96@\xaf\xe6\xd0!)\xc3\xcfe\xe1g\xe7\xe5F\xbdC\xd9$\x9b@\xaf\xc2j1p\xa9\xb2d\x92\x8fo\xcbg\x9fZ\xd7\xef\xb2z\xf5\x0fq\x7f\b\xc2\xa7\x90\xc5\xf5Y\xbc\xf1s\x93X\xb6\xeb\x86&\xa7\x14%B', 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xfffffeb7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e23, 0x800000, @mcast1, 0xc22}, {0xa, 0x4e21, 0x7, @remote}}}, 0x48) write$RDMA_USER_CM_CMD_BIND_IP(r6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000004e350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925f1ffed25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044f4ab34"], &(0x7f0000000100)='GPL\x00'}, 0x48) sendmsg$nl_route_sched(r1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f00000001c0)}], 0x1) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000340)={r0}) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) 8.346452575s ago: executing program 1 (id=628): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={0xffffffffffffffff, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r4}, 0x20) recvfrom$inet6(r4, 0x0, 0x0, 0xf2ff, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00\x00'], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) write$binfmt_script(r6, 0x0, 0x0) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 6.560468032s ago: executing program 4 (id=629): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0) sendfile(r2, r2, 0x0, 0x4800000009) 5.270182995s ago: executing program 1 (id=630): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, 0x0, 0x8000}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x8, 0x0, 0x0}}, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xfc}}, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x2, @local, 0x3, 0x1}, 0x80, &(0x7f00000029c0)=[{&(0x7f00000016c0)="83", 0x1}], 0x65}, 0x41) 4.689944839s ago: executing program 2 (id=631): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1}) close_range(r0, 0xffffffffffffffff, 0x0) 4.617019437s ago: executing program 33 (id=604): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r2, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 4.590426514s ago: executing program 1 (id=633): socket$packet(0x11, 0x2, 0x300) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) open$dir(&(0x7f0000000480)='./file0\x00', 0x103680, 0x20) open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x4000000e) ftruncate(r2, 0x2000009) mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) tee(0xffffffffffffffff, r3, 0x3, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x63}], 0x1}}], 0x1, 0x20008000) 4.287391645s ago: executing program 2 (id=634): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) r1 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x95d, 0xfa39, 0xc1, 0x0, 0x0) io_uring_enter(r1, 0xedd, 0x8acb, 0x41, 0x0, 0x0) io_uring_enter(r1, 0x47fa, 0x0, 0x0, 0x0, 0x0) 2.36780189s ago: executing program 2 (id=635): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b0000000200000009000100"], 0x7c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x4, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0x2}]}}}}}}}, 0x0) 2.08876804s ago: executing program 1 (id=636): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) sendmsg$NFT_BATCH(r0, 0x0, 0x40) 1.871522091s ago: executing program 2 (id=637): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d2140000000000000000"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000f5ffffff00010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c000080280001802300"], 0xe8}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x18, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x8040) 1.55868894s ago: executing program 4 (id=638): socket$packet(0x11, 0x3, 0x300) socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2}) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0xfffffffc, 0x0, 0x7ffffefe}) 1.454107594s ago: executing program 1 (id=639): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r5, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r4}, 0x20) recvfrom$inet6(r4, 0x0, 0x0, 0xf2ff, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) r7 = socket$inet6(0xa, 0x3, 0x8000000003c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00\x00'], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) write$binfmt_script(r7, 0x0, 0x0) sendmsg(r7, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 688.781104ms ago: executing program 2 (id=640): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x24040084) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r2, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 0s ago: executing program 1 (id=641): socket$packet(0x11, 0x3, 0x300) socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2}) io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, &(0x7f0000000400)=[0xe758, 0x8], 0x2) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0xfffffffc, 0x0, 0x7ffffefe}) kernel console output (not intermixed with test programs): [ 93.102481][ T31] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 96.284094][ T5826] cgroup: Unknown subsys name 'net' [ 96.564827][ T5826] cgroup: Unknown subsys name 'cpuset' [ 96.608405][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 98.751144][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.044898][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.046873][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.049701][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 102.050979][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 102.055284][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 102.059626][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 102.060896][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 102.063983][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 102.071585][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 102.073245][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 102.078295][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.081911][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.084370][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 102.085483][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 102.128291][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 102.142484][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.144456][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 102.152270][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 102.152984][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.159218][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.166644][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.176579][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.198050][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.270374][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 102.294946][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 103.161764][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 103.234778][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 103.692492][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 103.710521][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 104.219679][ T5847] Bluetooth: hci3: command tx timeout [ 104.229560][ T5847] Bluetooth: hci1: command tx timeout [ 104.279754][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.281344][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.281821][ T5844] bridge_slave_0: entered allmulticast mode [ 104.283922][ T5844] bridge_slave_0: entered promiscuous mode [ 104.294061][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 104.377865][ T5847] Bluetooth: hci4: command tx timeout [ 104.379167][ T5853] Bluetooth: hci0: command tx timeout [ 104.390659][ T5853] Bluetooth: hci2: command tx timeout [ 104.433263][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.433406][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.433602][ T5844] bridge_slave_1: entered allmulticast mode [ 104.435395][ T5844] bridge_slave_1: entered promiscuous mode [ 104.454552][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.454798][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.455406][ T5842] bridge_slave_0: entered allmulticast mode [ 104.459936][ T5842] bridge_slave_0: entered promiscuous mode [ 104.595700][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.595793][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.595915][ T5842] bridge_slave_1: entered allmulticast mode [ 104.598895][ T5842] bridge_slave_1: entered promiscuous mode [ 104.963679][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.194502][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.218301][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.220053][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.220217][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.220435][ T5843] bridge_slave_0: entered allmulticast mode [ 105.223631][ T5843] bridge_slave_0: entered promiscuous mode [ 105.233613][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.233768][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.236333][ T5841] bridge_slave_0: entered allmulticast mode [ 105.246891][ T5841] bridge_slave_0: entered promiscuous mode [ 105.393583][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.395460][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.395658][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.395888][ T5843] bridge_slave_1: entered allmulticast mode [ 105.403577][ T5843] bridge_slave_1: entered promiscuous mode [ 105.406895][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.407035][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.407844][ T5841] bridge_slave_1: entered allmulticast mode [ 105.411087][ T5841] bridge_slave_1: entered promiscuous mode [ 105.982626][ T5844] team0: Port device team_slave_0 added [ 106.263603][ T5844] team0: Port device team_slave_1 added [ 106.273446][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.273558][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.273757][ T5845] bridge_slave_0: entered allmulticast mode [ 106.275622][ T5845] bridge_slave_0: entered promiscuous mode [ 106.296193][ T5842] team0: Port device team_slave_0 added [ 106.297605][ T5853] Bluetooth: hci3: command tx timeout [ 106.297643][ T5853] Bluetooth: hci1: command tx timeout [ 106.301986][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.320671][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.420976][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.421128][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.421290][ T5845] bridge_slave_1: entered allmulticast mode [ 106.423097][ T5845] bridge_slave_1: entered promiscuous mode [ 106.426519][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.429841][ T5842] team0: Port device team_slave_1 added [ 106.433706][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 106.457610][ T5847] Bluetooth: hci2: command tx timeout [ 106.457649][ T5847] Bluetooth: hci4: command tx timeout [ 106.467581][ T5853] Bluetooth: hci0: command tx timeout [ 107.038220][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.038235][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.038250][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.374534][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.374556][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.374583][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.397291][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.407125][ T5843] team0: Port device team_slave_0 added [ 107.421448][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 107.421468][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.421491][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 107.430313][ T5841] team0: Port device team_slave_0 added [ 107.471135][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.477165][ T5843] team0: Port device team_slave_1 added [ 107.483261][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.483279][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.483302][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.486188][ T5841] team0: Port device team_slave_1 added [ 108.086635][ T5845] team0: Port device team_slave_0 added [ 108.190033][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.190055][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.190081][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.292069][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.292091][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.292119][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.303673][ T5845] team0: Port device team_slave_1 added [ 108.306270][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.306286][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.306311][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.322339][ T5844] hsr_slave_0: entered promiscuous mode [ 108.326116][ T5844] hsr_slave_1: entered promiscuous mode [ 108.377589][ T5853] Bluetooth: hci1: command tx timeout [ 108.377635][ T5853] Bluetooth: hci3: command tx timeout [ 108.415655][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.415676][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.415701][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.539114][ T5847] Bluetooth: hci0: command tx timeout [ 108.539161][ T5847] Bluetooth: hci4: command tx timeout [ 108.539187][ T5847] Bluetooth: hci2: command tx timeout [ 108.727141][ T5842] hsr_slave_0: entered promiscuous mode [ 108.729287][ T5842] hsr_slave_1: entered promiscuous mode [ 108.730410][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 108.730518][ T5842] Cannot create hsr debugfs directory [ 108.739230][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.739249][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.739273][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.874995][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.875018][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.875046][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.424237][ T5843] hsr_slave_0: entered promiscuous mode [ 109.425246][ T5843] hsr_slave_1: entered promiscuous mode [ 109.425901][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 109.425926][ T5843] Cannot create hsr debugfs directory [ 109.485289][ T5841] hsr_slave_0: entered promiscuous mode [ 109.486224][ T5841] hsr_slave_1: entered promiscuous mode [ 109.486876][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 109.486902][ T5841] Cannot create hsr debugfs directory [ 109.892405][ T5845] hsr_slave_0: entered promiscuous mode [ 109.894142][ T5845] hsr_slave_1: entered promiscuous mode [ 109.895287][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 109.895316][ T5845] Cannot create hsr debugfs directory [ 110.460299][ T5853] Bluetooth: hci3: command tx timeout [ 110.460342][ T5853] Bluetooth: hci1: command tx timeout [ 110.617903][ T5847] Bluetooth: hci2: command tx timeout [ 110.617948][ T5847] Bluetooth: hci4: command tx timeout [ 110.617974][ T5847] Bluetooth: hci0: command tx timeout [ 111.409956][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 111.488396][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 111.536600][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 111.586442][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 111.731373][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 111.771578][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 111.815517][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 111.876246][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 112.055219][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 112.121402][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 112.158585][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 112.214366][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 112.430735][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 112.490812][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 112.548743][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 112.622505][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 112.774788][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 112.869809][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 112.926765][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 112.981977][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.043747][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.134216][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.205636][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.206261][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.262838][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.263020][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.308471][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.475635][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.532743][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.576326][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.576533][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.655623][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.655753][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.712944][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.804442][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.804619][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.816826][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.912920][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.913272][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.100731][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.123896][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.183981][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.184353][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.270570][ T1183] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.270830][ T1183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.357215][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.416790][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.456392][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.456740][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.541754][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.542411][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.009681][ T5844] veth0_vlan: entered promiscuous mode [ 115.058066][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.112631][ T5844] veth1_vlan: entered promiscuous mode [ 115.332922][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.474864][ T5844] veth0_macvtap: entered promiscuous mode [ 115.562185][ T5844] veth1_macvtap: entered promiscuous mode [ 115.605717][ T5843] veth0_vlan: entered promiscuous mode [ 115.637138][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.733585][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.742703][ T5843] veth1_vlan: entered promiscuous mode [ 115.791352][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.800013][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.875316][ T69] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.901991][ T69] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.907615][ T69] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.917359][ T5841] veth0_vlan: entered promiscuous mode [ 115.923861][ T69] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.109277][ T5841] veth1_vlan: entered promiscuous mode [ 116.322817][ T5843] veth0_macvtap: entered promiscuous mode [ 116.391761][ T5843] veth1_macvtap: entered promiscuous mode [ 116.496722][ T5845] veth0_vlan: entered promiscuous mode [ 116.545392][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.545420][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.599477][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.603543][ T5841] veth0_macvtap: entered promiscuous mode [ 116.636422][ T5845] veth1_vlan: entered promiscuous mode [ 116.680695][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.707334][ T5841] veth1_macvtap: entered promiscuous mode [ 116.732955][ T3643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.732983][ T3643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.768801][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.777207][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.817675][ T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.860319][ T67] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.885958][ T5842] veth0_vlan: entered promiscuous mode [ 116.964211][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.086678][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.090936][ T5842] veth1_vlan: entered promiscuous mode [ 117.216091][ T5845] veth0_macvtap: entered promiscuous mode [ 117.286016][ T69] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.312283][ T69] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.313194][ T5845] veth1_macvtap: entered promiscuous mode [ 117.338960][ T69] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.389622][ T69] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.608968][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.608997][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.799939][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.923909][ T3605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.923938][ T3605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.931106][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.951146][ T5842] veth0_macvtap: entered promiscuous mode [ 119.045345][ T1183] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.050391][ T5842] veth1_macvtap: entered promiscuous mode [ 119.052486][ T1183] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.054449][ T1183] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.059846][ T1183] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.115384][ T1183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.115411][ T1183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.436372][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.527610][ T3605] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.527641][ T3605] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.624270][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.732723][ T1183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.761199][ T1183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.805166][ T67] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.815377][ T67] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.972805][ T5930] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 120.046913][ T88] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.046943][ T88] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.168080][ T5930] usb 2-1: Using ep0 maxpacket: 16 [ 120.267415][ T5930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.267457][ T5930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.267483][ T5930] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 120.267537][ T5930] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 120.267573][ T5930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.396763][ T5930] usb 2-1: config 0 descriptor?? [ 122.076500][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.076528][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.142306][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142363][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142390][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142417][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142444][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142470][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142496][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142533][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142558][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.142583][ T5930] microsoft 0003:045E:07DA.0001: unknown main item tag 0x0 [ 122.492483][ T5930] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0001/input/input5 [ 123.791988][ T3605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.792019][ T3605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.988037][ T5930] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 124.204582][ T5984] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9'. [ 124.229887][ T5930] usb 2-1: USB disconnect, device number 2 [ 124.230835][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 124.230857][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 124.303831][ T5984] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9'. [ 124.350294][ T5984] netlink: 56 bytes leftover after parsing attributes in process `syz.3.9'. [ 124.981143][ T5989] fido_id[5989]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 125.867626][ T5221] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 126.990910][ T6006] syz.1.14 (6006) used greatest stack depth: 17800 bytes left [ 127.276774][ T5221] usb 4-1: Using ep0 maxpacket: 16 [ 127.290661][ T5221] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.290701][ T5221] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.290724][ T5221] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 127.290770][ T5221] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 127.290792][ T5221] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.777042][ T5221] usb 4-1: config 0 descriptor?? [ 128.857207][ T5221] usbhid 4-1:0.0: can't add hid device: -71 [ 128.857786][ T5221] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 129.057231][ T5221] usb 4-1: USB disconnect, device number 2 [ 129.178702][ T38] audit: type=1326 audit(1756108652.778:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.178770][ T38] audit: type=1326 audit(1756108652.798:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.178811][ T38] audit: type=1326 audit(1756108652.798:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.178850][ T38] audit: type=1326 audit(1756108652.798:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.178888][ T38] audit: type=1326 audit(1756108652.798:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.223097][ T38] audit: type=1326 audit(1756108652.828:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.411078][ T38] audit: type=1326 audit(1756108652.868:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.411152][ T38] audit: type=1326 audit(1756108652.868:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.411199][ T38] audit: type=1326 audit(1756108652.868:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 129.411245][ T38] audit: type=1326 audit(1756108652.868:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6020 comm="syz.3.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 131.301485][ T6038] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 132.697736][ T991] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 132.884460][ T991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.884497][ T991] usb 5-1: config 0 has no interfaces? [ 132.888177][ T991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.888204][ T991] usb 5-1: config 0 has no interfaces? [ 132.941040][ T991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.941075][ T991] usb 5-1: config 0 has no interfaces? [ 132.999431][ T991] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb [ 132.999469][ T991] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201 [ 132.999492][ T991] usb 5-1: Product: syz [ 132.999508][ T991] usb 5-1: Manufacturer: syz [ 132.999523][ T991] usb 5-1: SerialNumber: syz [ 133.164542][ T991] usb 5-1: config 0 descriptor?? [ 135.025439][ T6038] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 135.031660][ T6055] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 135.031711][ T6055] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 135.031732][ T6055] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 135.069068][ T6060] netlink: 'syz.3.26': attribute type 20 has an invalid length. [ 135.069101][ T6060] IPv6: NLM_F_CREATE should be specified when creating new route [ 135.069876][ T6060] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 135.069894][ T6060] IPv6: NLM_F_CREATE should be set when creating new route [ 135.156765][ T6038] syz.0.21 (6038) used greatest stack depth: 16440 bytes left [ 135.418939][ T5221] usb 5-1: USB disconnect, device number 2 [ 135.966670][ T6079] netlink: 'syz.2.30': attribute type 10 has an invalid length. [ 136.400447][ T5930] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 136.604273][ T6088] netlink: 4 bytes leftover after parsing attributes in process `syz.4.33'. [ 136.619008][ T5930] usb 4-1: Using ep0 maxpacket: 16 [ 136.659576][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.659619][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.659645][ T5930] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 136.659701][ T5930] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 136.659725][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.759024][ T5930] usb 4-1: config 0 descriptor?? [ 136.961422][ T6079] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 137.237675][ T5930] hid_parser_main: 5 callbacks suppressed [ 137.237706][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237734][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237756][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237780][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237803][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237825][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237848][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237870][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237893][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.237917][ T5930] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 137.325353][ T6092] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 137.543544][ T5930] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0002/input/input6 [ 137.553762][ T5930] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 137.626972][ T5930] usb 4-1: USB disconnect, device number 3 [ 138.003164][ T6098] fido_id[6098]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 139.315395][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 139.315523][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.628330][ T6130] program syz.4.44 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.970053][ T6136] netlink: 'syz.3.46': attribute type 10 has an invalid length. [ 143.847354][ T6136] bond0: (slave wlan1): Opening slave failed [ 150.174409][ C1] vkms_vblank_simulate: vblank timer overrun [ 150.711225][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.100209][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.531200][ C1] vkms_vblank_simulate: vblank timer overrun [ 151.732456][ C1] vkms_vblank_simulate: vblank timer overrun [ 152.551116][ C1] vkms_vblank_simulate: vblank timer overrun [ 152.665129][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 152.977322][ C1] vkms_vblank_simulate: vblank timer overrun [ 152.991848][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 153.021054][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 153.130375][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.583733][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.808589][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.868823][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 153.873458][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 155.990850][ T5847] Bluetooth: hci5: command tx timeout [ 158.062398][ T5847] Bluetooth: hci5: command tx timeout [ 158.628038][ C0] vkms_vblank_simulate: vblank timer overrun [ 159.190939][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.148690][ T5847] Bluetooth: hci5: command tx timeout [ 160.290097][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.427191][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.508237][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.529423][ C0] vkms_vblank_simulate: vblank timer overrun [ 160.729628][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.381481][ C0] vkms_vblank_simulate: vblank timer overrun [ 162.474765][ T5847] Bluetooth: hci5: command tx timeout [ 163.459986][ T6297] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 163.460040][ T6297] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 163.460062][ T6297] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 164.416295][ T3643] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.350411][ T3643] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.586515][ T6190] chnl_net:caif_netlink_parms(): no params data found [ 166.204849][ T3643] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.397455][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 167.750361][ T3643] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.764671][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.268596][ T6190] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.268766][ T6190] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.269096][ T6190] bridge_slave_0: entered allmulticast mode [ 170.344133][ T6190] bridge_slave_0: entered promiscuous mode [ 170.374319][ T6190] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.374514][ T6190] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.374845][ T6190] bridge_slave_1: entered allmulticast mode [ 170.419184][ T6190] bridge_slave_1: entered promiscuous mode [ 170.767458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 170.985037][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.563852][ C0] vkms_vblank_simulate: vblank timer overrun [ 172.145265][ C0] vkms_vblank_simulate: vblank timer overrun [ 172.381169][ T6401] program syz.4.108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 172.711617][ T6190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.762538][ T6190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.069331][ T6409] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 173.343101][ T6415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.114'. [ 173.765569][ C0] vkms_vblank_simulate: vblank timer overrun [ 174.372130][ C0] vkms_vblank_simulate: vblank timer overrun [ 174.553164][ T6190] team0: Port device team_slave_0 added [ 174.592359][ T6190] team0: Port device team_slave_1 added [ 174.946541][ C0] vkms_vblank_simulate: vblank timer overrun [ 175.970677][ C0] vkms_vblank_simulate: vblank timer overrun [ 176.186938][ T3643] bridge_slave_1: left allmulticast mode [ 176.211783][ T3643] bridge_slave_1: left promiscuous mode [ 176.220473][ T3643] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.370946][ T6434] program syz.4.120 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 176.477109][ T3643] bridge_slave_0: left allmulticast mode [ 176.477153][ T3643] bridge_slave_0: left promiscuous mode [ 176.487802][ T3643] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.471934][ C0] vkms_vblank_simulate: vblank timer overrun [ 178.663084][ C0] vkms_vblank_simulate: vblank timer overrun [ 179.454344][ T6452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.128'. [ 179.484566][ T6452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.128'. [ 179.728979][ C0] vkms_vblank_simulate: vblank timer overrun [ 179.809771][ T5908] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 179.977583][ T5908] usb 4-1: Using ep0 maxpacket: 16 [ 180.013295][ T5908] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 180.013333][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.013355][ T5908] usb 4-1: Product: syz [ 180.013374][ T5908] usb 4-1: Manufacturer: syz [ 180.013389][ T5908] usb 4-1: SerialNumber: syz [ 180.059547][ T5908] usb 4-1: config 0 descriptor?? [ 180.092902][ T5908] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 180.300267][ T5908] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 180.333731][ T5908] usb 4-1: USB disconnect, device number 4 [ 181.074123][ T6468] program syz.3.132 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.829420][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.062049][ T5922] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 182.267762][ T5922] usb 4-1: Using ep0 maxpacket: 16 [ 182.299298][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.299340][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.299364][ T5922] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 182.299413][ T5922] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 182.299439][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.325418][ T5922] usb 4-1: config 0 descriptor?? [ 182.510874][ T3643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.591713][ T3643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.690205][ T3643] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 182.722072][ T3643] bond0 (unregistering): Released all slaves [ 182.812523][ T5922] hid_parser_main: 5 callbacks suppressed [ 182.812564][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812594][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812615][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812640][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812664][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812686][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812709][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812732][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812754][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.812776][ T5922] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 182.991876][ T6442] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 182.992458][ T6442] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 182.996169][ T5922] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0003/input/input7 [ 183.238150][ T5922] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 183.273951][ T5922] usb 4-1: USB disconnect, device number 5 [ 183.335622][ T6190] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.335644][ T6190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.335672][ T6190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.391233][ T6484] netlink: 12 bytes leftover after parsing attributes in process `syz.4.137'. [ 183.529876][ T6190] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.529902][ T6190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.529933][ T6190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.599758][ T6485] fido_id[6485]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 184.071648][ T38] kauditd_printk_skb: 20 callbacks suppressed [ 184.071672][ T38] audit: type=1326 audit(1756108707.698:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.072345][ T38] audit: type=1326 audit(1756108707.698:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.073107][ T38] audit: type=1326 audit(1756108707.698:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.073785][ T38] audit: type=1326 audit(1756108707.698:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.074098][ T38] audit: type=1326 audit(1756108707.698:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.074392][ T38] audit: type=1326 audit(1756108707.698:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.074965][ T38] audit: type=1326 audit(1756108707.698:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.075244][ T38] audit: type=1326 audit(1756108707.698:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.075727][ T38] audit: type=1326 audit(1756108707.698:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 184.075774][ T38] audit: type=1326 audit(1756108707.698:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6496 comm="syz.2.143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 186.422806][ T5853] Bluetooth: hci0: command tx timeout [ 186.948028][ T6508] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 187.206992][ T6519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.149'. [ 187.578418][ T6525] program syz.4.151 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 189.712188][ T6190] hsr_slave_0: entered promiscuous mode [ 189.713908][ T6190] hsr_slave_1: entered promiscuous mode [ 189.715019][ T6190] debugfs: 'hsr0' already exists in 'hsr' [ 189.715048][ T6190] Cannot create hsr debugfs directory [ 190.820554][ T5853] Bluetooth: hci1: command tx timeout [ 192.358247][ T3643] hsr_slave_0: left promiscuous mode [ 192.423318][ T3643] hsr_slave_1: left promiscuous mode [ 192.426281][ T3643] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.426388][ T3643] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.572494][ T3643] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.572522][ T3643] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.059391][ T3643] veth1_macvtap: left promiscuous mode [ 193.070119][ T3643] veth0_macvtap: left promiscuous mode [ 193.070494][ T3643] veth1_vlan: left promiscuous mode [ 193.074021][ T3643] veth0_vlan: left promiscuous mode [ 196.662692][ T3643] team0 (unregistering): Port device team_slave_1 removed [ 196.928632][ T3643] team0 (unregistering): Port device team_slave_0 removed [ 199.774610][ T6565] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 199.775349][ T6565] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 200.210333][ T6595] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 200.250048][ T6595] Zero length message leads to an empty skb [ 201.671823][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 201.671945][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.738763][ T6599] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 201.738819][ T6599] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 201.738841][ T6599] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 202.336821][ T38] kauditd_printk_skb: 17 callbacks suppressed [ 202.336851][ T38] audit: type=1326 audit(1756108725.928:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6611 comm="syz.1.176" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6e7edebe9 code=0x0 [ 202.676145][ T6620] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 203.740543][ T6190] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 203.764206][ T38] audit: type=1326 audit(1756108727.388:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.764590][ T38] audit: type=1326 audit(1756108727.388:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.766882][ T38] audit: type=1326 audit(1756108727.388:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855039][ T38] audit: type=1326 audit(1756108727.468:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855108][ T38] audit: type=1326 audit(1756108727.478:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855156][ T38] audit: type=1326 audit(1756108727.478:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855767][ T38] audit: type=1326 audit(1756108727.478:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855817][ T38] audit: type=1326 audit(1756108727.478:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 203.855864][ T38] audit: type=1326 audit(1756108727.478:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 205.015442][ T6190] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 207.916618][ T38] kauditd_printk_skb: 16 callbacks suppressed [ 207.916640][ T38] audit: type=1326 audit(1756108731.528:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 207.916690][ T38] audit: type=1326 audit(1756108731.528:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6645 comm="syz.3.183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0b3f6ebe9 code=0x7ffc0000 [ 208.328379][ T6190] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 209.297995][ T6670] bond1: up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 209.324197][ T38] audit: type=1326 audit(1756108732.928:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6667 comm="syz.4.190" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff5f105ebe9 code=0x0 [ 211.527602][ T991] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 212.787503][ T991] usb 5-1: Using ep0 maxpacket: 16 [ 212.827558][ T5908] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 212.897581][ T991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.897620][ T991] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 212.897667][ T991] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 212.897690][ T991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.997526][ T5908] usb 4-1: Using ep0 maxpacket: 16 [ 213.035195][ T5908] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 213.035233][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.035256][ T5908] usb 4-1: Product: syz [ 213.035271][ T5908] usb 4-1: Manufacturer: syz [ 213.035286][ T5908] usb 4-1: SerialNumber: syz [ 213.071083][ T991] usb 5-1: config 0 descriptor?? [ 213.119206][ T991] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 213.159844][ T5908] usb 4-1: config 0 descriptor?? [ 213.182681][ T5908] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 213.802227][ T6688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.444811][ T6688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.536370][ T6019] usb 5-1: USB disconnect, device number 3 [ 214.567824][ T5908] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 214.587847][ T5908] usb 4-1: USB disconnect, device number 6 [ 215.171805][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 215.189450][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 215.192702][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 215.195501][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 215.196413][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 215.566577][ T38] audit: type=1326 audit(1756108739.168:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6711 comm="syz.1.203" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa6e7edebe9 code=0x0 [ 216.940419][ T5847] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 216.940454][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 216.940481][ T5847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 216.940496][ T5847] Workqueue: hci3 hci_rx_work [ 216.940529][ T5847] Call Trace: [ 216.940539][ T5847] [ 216.940578][ T5847] dump_stack_lvl+0x189/0x250 [ 216.940621][ T5847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.940655][ T5847] ? __pfx__printk+0x10/0x10 [ 216.940687][ T5847] ? kernfs_path_from_node+0x2c/0x280 [ 216.940709][ T5847] ? kernfs_path_from_node+0x243/0x280 [ 216.940729][ T5847] ? kernfs_path_from_node+0x2c/0x280 [ 216.940754][ T5847] sysfs_create_dir_ns+0x259/0x280 [ 216.940787][ T5847] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 216.940812][ T5847] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 216.940857][ T5847] ? rt_spin_unlock+0x65/0x80 [ 216.940885][ T5847] kobject_add_internal+0x5a5/0xb50 [ 216.940927][ T5847] kobject_add+0x155/0x220 [ 216.940964][ T5847] ? __pfx_kobject_add+0x10/0x10 [ 216.941003][ T5847] ? get_device_parent+0x370/0x3a0 [ 216.941040][ T5847] device_add+0x408/0xb50 [ 216.941076][ T5847] hci_conn_add_sysfs+0xd5/0x1e0 [ 216.941113][ T5847] le_conn_complete_evt+0xc3a/0x1220 [ 216.941156][ T5847] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 216.941184][ T5847] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 216.941212][ T5847] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.941244][ T5847] ? skb_pull_data+0xfb/0x200 [ 216.941270][ T5847] hci_le_conn_complete_evt+0x187/0x450 [ 216.941306][ T5847] hci_event_packet+0x78f/0x1200 [ 216.941345][ T5847] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 216.941437][ T5847] ? __pfx_hci_event_packet+0x10/0x10 [ 216.941475][ T5847] ? __pfx_migrate_enable+0x10/0x10 [ 216.941516][ T5847] ? hci_send_to_monitor+0xe2/0x570 [ 216.941549][ T5847] hci_rx_work+0x46a/0xe80 [ 216.941580][ T5847] ? process_scheduled_works+0x9ef/0x17b0 [ 216.941612][ T5847] process_scheduled_works+0xade/0x17b0 [ 216.941676][ T5847] ? __pfx_process_scheduled_works+0x10/0x10 [ 216.941724][ T5847] worker_thread+0x8a0/0xda0 [ 216.941784][ T5847] kthread+0x711/0x8a0 [ 216.941831][ T5847] ? __pfx_worker_thread+0x10/0x10 [ 216.941858][ T5847] ? __pfx_kthread+0x10/0x10 [ 216.941897][ T5847] ? __pfx_kthread+0x10/0x10 [ 216.941930][ T5847] ret_from_fork+0x3fc/0x770 [ 216.941962][ T5847] ? __pfx_ret_from_fork+0x10/0x10 [ 216.942000][ T5847] ? __switch_to_asm+0x39/0x70 [ 216.942021][ T5847] ? __switch_to_asm+0x33/0x70 [ 216.942041][ T5847] ? __pfx_kthread+0x10/0x10 [ 216.942074][ T5847] ret_from_fork_asm+0x1a/0x30 [ 216.942116][ T5847] [ 216.942152][ T5847] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 216.942195][ T5847] Bluetooth: hci3: failed to register connection device [ 217.119151][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 217.119183][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 217.119211][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 217.119225][ T5853] Workqueue: hci2 hci_rx_work [ 217.119253][ T5853] Call Trace: [ 217.119262][ T5853] [ 217.119271][ T5853] dump_stack_lvl+0x189/0x250 [ 217.119309][ T5853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.119341][ T5853] ? __pfx__printk+0x10/0x10 [ 217.119372][ T5853] ? kernfs_path_from_node+0x2c/0x280 [ 217.119393][ T5853] ? kernfs_path_from_node+0x243/0x280 [ 217.119410][ T5853] ? kernfs_path_from_node+0x2c/0x280 [ 217.119436][ T5853] sysfs_create_dir_ns+0x259/0x280 [ 217.119470][ T5853] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 217.119492][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 217.119518][ T5853] ? rt_spin_unlock+0x65/0x80 [ 217.119543][ T5853] kobject_add_internal+0x5a5/0xb50 [ 217.119600][ T5853] kobject_add+0x155/0x220 [ 217.119634][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 217.119672][ T5853] ? get_device_parent+0x370/0x3a0 [ 217.119706][ T5853] device_add+0x408/0xb50 [ 217.119739][ T5853] hci_conn_add_sysfs+0xd5/0x1e0 [ 217.119774][ T5853] le_conn_complete_evt+0xc3a/0x1220 [ 217.119818][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 217.119840][ T5853] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 217.119867][ T5853] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.119894][ T5853] ? skb_pull_data+0xfb/0x200 [ 217.119916][ T5853] hci_le_conn_complete_evt+0x187/0x450 [ 217.119949][ T5853] hci_event_packet+0x78f/0x1200 [ 217.119985][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 217.120011][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 217.120042][ T5853] ? __pfx_migrate_enable+0x10/0x10 [ 217.120074][ T5853] ? hci_send_to_monitor+0xe2/0x570 [ 217.120101][ T5853] hci_rx_work+0x46a/0xe80 [ 217.120128][ T5853] ? process_scheduled_works+0x9ef/0x17b0 [ 217.120153][ T5853] process_scheduled_works+0xade/0x17b0 [ 217.120207][ T5853] ? __pfx_process_scheduled_works+0x10/0x10 [ 217.120249][ T5853] worker_thread+0x8a0/0xda0 [ 217.120300][ T5853] kthread+0x711/0x8a0 [ 217.120331][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 217.120353][ T5853] ? __pfx_kthread+0x10/0x10 [ 217.120385][ T5853] ? __pfx_kthread+0x10/0x10 [ 217.120412][ T5853] ret_from_fork+0x3fc/0x770 [ 217.120439][ T5853] ? __pfx_ret_from_fork+0x10/0x10 [ 217.120469][ T5853] ? __switch_to_asm+0x39/0x70 [ 217.120485][ T5853] ? __switch_to_asm+0x33/0x70 [ 217.120501][ T5853] ? __pfx_kthread+0x10/0x10 [ 217.120528][ T5853] ret_from_fork_asm+0x1a/0x30 [ 217.120594][ T5853] [ 217.120628][ T5853] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 217.120680][ T5853] Bluetooth: hci2: failed to register connection device [ 217.337552][ T5847] Bluetooth: hci4: command tx timeout [ 219.827511][ T5847] Bluetooth: hci4: command tx timeout [ 220.900989][ T38] audit: type=1326 audit(1756108744.528:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6762 comm="syz.4.216" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff5f105ebe9 code=0x0 [ 222.527623][ T5847] Bluetooth: hci4: command tx timeout [ 225.043170][ T5853] Bluetooth: hci4: command tx timeout [ 226.507514][ T5154] Bluetooth: hci2: command 0x0406 tx timeout [ 226.647501][ T5908] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 227.794034][ T5908] usb 5-1: Using ep0 maxpacket: 16 [ 227.926817][ T5908] usb 5-1: device descriptor read/all, error -71 [ 228.539548][ T5853] Bluetooth: hci2: command 0x0406 tx timeout [ 228.539593][ T5853] Bluetooth: hci3: command 0x0406 tx timeout [ 228.540455][ T5853] Bluetooth: hci1: command 0x0406 tx timeout [ 228.757487][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 228.779334][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 228.973216][ T38] audit: type=1326 audit(1756108752.588:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6814 comm="syz.2.229" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe39f56ebe9 code=0x0 [ 229.197781][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 229.198603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 230.360380][ T5908] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 230.547413][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 230.777678][ T5908] usb 5-1: Using ep0 maxpacket: 16 [ 230.782523][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.782561][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.782586][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 230.782633][ T5908] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 230.782654][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.877705][ T5908] usb 5-1: config 0 descriptor?? [ 232.184445][ T6705] chnl_net:caif_netlink_parms(): no params data found [ 233.524401][ T5908] usbhid 5-1:0.0: can't add hid device: -71 [ 233.535312][ T5908] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 233.578242][ T5908] usb 5-1: USB disconnect, device number 6 [ 233.801705][ T38] audit: type=1326 audit(1756108757.418:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.802299][ T38] audit: type=1326 audit(1756108757.428:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.802600][ T38] audit: type=1326 audit(1756108757.428:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.806775][ T38] audit: type=1326 audit(1756108757.428:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.806833][ T38] audit: type=1326 audit(1756108757.428:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.934112][ T38] audit: type=1326 audit(1756108757.428:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.934180][ T38] audit: type=1326 audit(1756108757.558:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.934230][ T38] audit: type=1326 audit(1756108757.558:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 233.934279][ T38] audit: type=1326 audit(1756108757.558:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 234.229995][ T38] audit: type=1326 audit(1756108757.858:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 234.230065][ T38] audit: type=1326 audit(1756108757.858:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 234.232683][ T38] audit: type=1326 audit(1756108757.858:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 235.277403][ T38] audit: type=1326 audit(1756108758.898:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 235.277474][ T38] audit: type=1326 audit(1756108758.898:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 235.277519][ T38] audit: type=1326 audit(1756108758.898:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6837 comm="syz.2.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 239.725082][ T991] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 240.187570][ T991] usb 4-1: Using ep0 maxpacket: 16 [ 240.190325][ T991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.190364][ T991] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.190389][ T991] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 240.190436][ T991] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 240.190462][ T991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.281438][ T991] usb 4-1: config 0 descriptor?? [ 240.756799][ T991] hid_parser_main: 5 callbacks suppressed [ 240.756831][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756860][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756886][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756911][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756936][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756961][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.756987][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.757012][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.757038][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.757063][ T991] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0 [ 240.906231][ T991] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0004/input/input8 [ 240.936541][ T991] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 240.993866][ T991] usb 4-1: USB disconnect, device number 7 [ 241.401183][ T6901] fido_id[6901]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 241.671186][ T6705] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.671786][ T6705] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.672105][ T6705] bridge_slave_0: entered allmulticast mode [ 241.717658][ T6705] bridge_slave_0: entered promiscuous mode [ 241.804787][ T6705] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.804965][ T6705] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.805276][ T6705] bridge_slave_1: entered allmulticast mode [ 241.834693][ T6705] bridge_slave_1: entered promiscuous mode [ 243.374964][ T6705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.483386][ T6919] tipc: Started in network mode [ 243.483418][ T6919] tipc: Node identity be1ab641cdf5, cluster identity 4711 [ 243.512539][ T6919] tipc: Enabled bearer , priority 0 [ 243.528626][ T6705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.558459][ T6919] tipc: Resetting bearer [ 243.582182][ T6921] tipc: Started in network mode [ 243.582226][ T6921] tipc: Node identity 9ee8672b44e5, cluster identity 4711 [ 243.582544][ T6921] tipc: Enabled bearer , priority 0 [ 243.749940][ T6921] syzkaller0: entered promiscuous mode [ 243.749982][ T6921] syzkaller0: entered allmulticast mode [ 243.789401][ T67] bridge_slave_1: left allmulticast mode [ 243.789462][ T67] bridge_slave_1: left promiscuous mode [ 243.790712][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.889328][ T67] bridge_slave_0: left allmulticast mode [ 243.889369][ T67] bridge_slave_0: left promiscuous mode [ 243.889757][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.082096][ T44] tipc: Node number set to 3658311467 [ 245.331155][ T44] tipc: Node number set to 1945089601 [ 246.436144][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.980391][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.093285][ T67] bond0 (unregistering): Released all slaves [ 247.198495][ T6926] tipc: Resetting bearer [ 248.633316][ T6916] tipc: Disabling bearer [ 248.925907][ T6920] tipc: Resetting bearer [ 249.141605][ T6920] tipc: Disabling bearer [ 249.301381][ T6963] program syz.1.268 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 249.323557][ T6705] team0: Port device team_slave_0 added [ 249.351271][ T6705] team0: Port device team_slave_1 added [ 249.974007][ T67] hsr_slave_0: left promiscuous mode [ 251.289568][ T67] hsr_slave_1: left promiscuous mode [ 251.290749][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 251.349595][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.722505][ T6991] program syz.3.279 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.305385][ T7012] 9pnet_fd: Insufficient options for proto=fd [ 258.676576][ T67] team0 (unregistering): Port device team_slave_1 removed [ 258.950752][ T5858] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 259.021433][ T67] team0 (unregistering): Port device team_slave_0 removed [ 259.963388][ T7048] 9pnet_fd: Insufficient options for proto=fd [ 260.609159][ T7057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.300'. [ 261.237682][ T6965] (unnamed net_device) (uninitialized): up delay (2890) is not a multiple of miimon (100), value rounded to 2800 ms [ 261.238327][ T6965] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 261.276161][ T6967] bond_slave_0: entered promiscuous mode [ 261.276305][ T6967] bond_slave_1: entered promiscuous mode [ 261.278365][ T6967] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 261.306865][ T6967] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 261.508659][ T6705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 261.508681][ T6705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.508710][ T6705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 261.549886][ T6705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 261.549932][ T6705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 261.549955][ T6705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.118607][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 262.118707][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.098942][ T6705] hsr_slave_0: entered promiscuous mode [ 265.100630][ T6705] hsr_slave_1: entered promiscuous mode [ 265.288556][ T6705] debugfs: 'hsr0' already exists in 'hsr' [ 265.288595][ T6705] Cannot create hsr debugfs directory [ 265.570333][ T7088] 9pnet_fd: Insufficient options for proto=fd [ 267.974782][ T5908] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 269.287459][ T5908] usb 5-1: Using ep0 maxpacket: 16 [ 269.406682][ T5908] usb 5-1: device descriptor read/all, error -71 [ 272.053206][ T7159] usb usb7: usbfs: process 7159 (syz.4.329) did not claim interface 0 before use [ 274.175745][ T5221] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 274.181069][ T7163] gretap0: entered promiscuous mode [ 274.200905][ T7163] vlan2: entered promiscuous mode [ 274.688634][ T5154] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 275.252134][ T5154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 275.266432][ T5154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 275.268452][ T5154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 275.269795][ T5154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 275.271225][ T5154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 277.960753][ T5154] Bluetooth: hci5: command tx timeout [ 280.067626][ T5908] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 280.247677][ T5154] Bluetooth: hci5: command tx timeout [ 280.564741][ T6016] bridge_slave_1: left allmulticast mode [ 280.564783][ T6016] bridge_slave_1: left promiscuous mode [ 280.565094][ T6016] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.567610][ T5908] usb 5-1: Using ep0 maxpacket: 16 [ 280.570263][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.570295][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.570316][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 280.570358][ T5908] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 280.570379][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.575814][ T5908] usb 5-1: config 0 descriptor?? [ 280.841376][ T6016] bridge_slave_0: left allmulticast mode [ 280.841424][ T6016] bridge_slave_0: left promiscuous mode [ 280.842959][ T6016] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.075802][ T5908] hid_parser_main: 5 callbacks suppressed [ 281.075834][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075863][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075887][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075914][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075940][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075966][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.075991][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.076016][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.076041][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.076065][ T5908] microsoft 0003:045E:07DA.0005: unknown main item tag 0x0 [ 281.339430][ T5908] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0005/input/input9 [ 281.367068][ T5908] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 281.412036][ T5908] usb 5-1: USB disconnect, device number 9 [ 282.115078][ T7243] fido_id[7243]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 282.366194][ T5154] Bluetooth: hci5: command tx timeout [ 283.291552][ T6016] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.425971][ T6016] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.514941][ T6016] bond0 (unregistering): Released all slaves [ 283.873299][ T38] audit: type=1326 audit(1756108807.498:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.873899][ T38] audit: type=1326 audit(1756108807.498:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.874197][ T38] audit: type=1326 audit(1756108807.498:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.903120][ T38] audit: type=1326 audit(1756108807.518:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.904916][ T38] audit: type=1326 audit(1756108807.528:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.904966][ T38] audit: type=1326 audit(1756108807.528:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.905005][ T38] audit: type=1326 audit(1756108807.528:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.905043][ T38] audit: type=1326 audit(1756108807.528:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.905082][ T38] audit: type=1326 audit(1756108807.528:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 283.905706][ T38] audit: type=1326 audit(1756108807.528:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7263 comm="syz.2.364" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 284.380708][ T5154] Bluetooth: hci5: command tx timeout [ 284.409109][ T6016] hsr_slave_0: left promiscuous mode [ 284.542102][ T6016] hsr_slave_1: left promiscuous mode [ 284.543387][ T6016] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.610651][ T6016] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.907060][ T7287] program syz.4.370 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.250077][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'. [ 285.802848][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.368874][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.633480][ C1] vkms_vblank_simulate: vblank timer overrun [ 287.433249][ C1] vkms_vblank_simulate: vblank timer overrun [ 287.678126][ C1] vkms_vblank_simulate: vblank timer overrun [ 287.774175][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.073514][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.176388][ C1] vkms_vblank_simulate: vblank timer overrun [ 288.364799][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.129726][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.371136][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.385081][ T6016] team0 (unregistering): Port device team_slave_1 removed [ 289.720264][ T7321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'. [ 289.720372][ T6016] team0 (unregistering): Port device team_slave_0 removed [ 290.087055][ T7327] program syz.2.381 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 292.449584][ T7293] hsr_slave_1 (unregistering): left promiscuous mode [ 292.769640][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.887938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 292.956264][ C1] vkms_vblank_simulate: vblank timer overrun [ 293.164168][ C1] vkms_vblank_simulate: vblank timer overrun [ 293.296613][ T7321] hsr_slave_1 (unregistering): left promiscuous mode [ 293.350863][ T7355] program syz.4.391 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.136207][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.254955][ T7368] binder_alloc: 7362: binder_alloc_buf, no vma [ 296.927188][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.092511][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.352766][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.506760][ T7168] chnl_net:caif_netlink_parms(): no params data found [ 297.601264][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.999677][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.077143][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.567369][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.096717][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.947473][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.128571][ T7389] program syz.2.401 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 302.558741][ C1] vkms_vblank_simulate: vblank timer overrun [ 302.630249][ T7168] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.630499][ T7168] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.630807][ T7168] bridge_slave_0: entered allmulticast mode [ 302.695835][ T7168] bridge_slave_0: entered promiscuous mode [ 302.718206][ T7168] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.718412][ T7168] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.718695][ T7168] bridge_slave_1: entered allmulticast mode [ 302.752453][ T7168] bridge_slave_1: entered promiscuous mode [ 303.497375][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 304.182942][ T7426] binder_alloc: 7422: binder_alloc_buf, no vma [ 305.381310][ T7168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.615284][ T7168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.980440][ T7427] block nbd3: shutting down sockets [ 306.235814][ T7168] team0: Port device team_slave_0 added [ 306.279515][ T7168] team0: Port device team_slave_1 added [ 306.827352][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 306.827677][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 307.157066][ T7168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.157083][ T7168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.157100][ T7168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.188281][ T7432] ALSA: mixer_oss: invalid OSS volume '' [ 307.226301][ T7168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.226323][ T7168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.226351][ T7168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.899371][ T7168] hsr_slave_0: entered promiscuous mode [ 307.901069][ T7168] hsr_slave_1: entered promiscuous mode [ 307.902123][ T7168] debugfs: 'hsr0' already exists in 'hsr' [ 307.902149][ T7168] Cannot create hsr debugfs directory [ 308.347437][ C1] vkms_vblank_simulate: vblank timer overrun [ 308.981429][ C1] vkms_vblank_simulate: vblank timer overrun [ 309.228898][ C1] vkms_vblank_simulate: vblank timer overrun [ 309.264913][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.037552][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.570660][ C1] vkms_vblank_simulate: vblank timer overrun [ 310.746777][ C1] vkms_vblank_simulate: vblank timer overrun [ 311.309484][ C1] vkms_vblank_simulate: vblank timer overrun [ 311.871474][ C1] vkms_vblank_simulate: vblank timer overrun [ 312.320087][ C1] vkms_vblank_simulate: vblank timer overrun [ 312.577179][ T7472] binder_alloc: 7467: binder_alloc_buf, no vma [ 312.616042][ C1] vkms_vblank_simulate: vblank timer overrun [ 314.281328][ T38] kauditd_printk_skb: 18 callbacks suppressed [ 314.281352][ T38] audit: type=1326 audit(1756108837.908:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292494][ T38] audit: type=1326 audit(1756108837.908:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292551][ T38] audit: type=1326 audit(1756108837.918:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292592][ T38] audit: type=1326 audit(1756108837.918:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292632][ T38] audit: type=1326 audit(1756108837.918:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292671][ T38] audit: type=1326 audit(1756108837.918:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.292711][ T38] audit: type=1326 audit(1756108837.918:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.335949][ T38] audit: type=1326 audit(1756108837.958:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.370517][ T38] audit: type=1326 audit(1756108837.958:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 314.370576][ T38] audit: type=1326 audit(1756108837.998:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 318.147785][ T7497] 9pnet_fd: Insufficient options for proto=fd [ 320.506891][ T7513] 9pnet_fd: Insufficient options for proto=fd [ 323.085559][ T7552] netdevsim netdevsim2 netdevsim3: entered promiscuous mode [ 323.085909][ T7552] vlan2: entered promiscuous mode [ 323.537538][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.542566][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.000655][ T7562] 9pnet_fd: Insufficient options for proto=fd [ 324.026958][ T7168] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 324.112762][ T7168] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 324.239214][ T7168] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 324.350906][ T7168] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 324.923555][ T7168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.030353][ T7168] 8021q: adding VLAN 0 to HW filter on device team0 [ 325.900250][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.902778][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.130693][ T1183] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.130964][ T1183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.924274][ T5929] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 327.154872][ T5929] usb 4-1: language id specifier not provided by device, defaulting to English [ 327.173369][ T5929] usb 4-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e [ 327.173409][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.173431][ T5929] usb 4-1: Manufacturer: ‰ [ 327.173447][ T5929] usb 4-1: SerialNumber: syz [ 327.214459][ T5929] usb 4-1: config 0 descriptor?? [ 327.506043][ T5929] usb 4-1: USB disconnect, device number 8 [ 327.557729][ T7609] 9pnet_fd: Insufficient options for proto=fd [ 329.241257][ T7168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.597709][ T7645] netlink: 12 bytes leftover after parsing attributes in process `syz.4.465'. [ 333.136699][ T7658] 9pnet_fd: Insufficient options for proto=fd [ 334.161376][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 334.192542][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 334.222380][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 334.228626][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 334.235232][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 334.985702][ T7677] mmap: syz.4.472 (7677) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 334.989652][ T7677] netlink: 24 bytes leftover after parsing attributes in process `syz.4.472'. [ 335.882882][ C1] vkms_vblank_simulate: vblank timer overrun [ 336.482224][ T5858] Bluetooth: hci4: command tx timeout [ 336.613957][ C1] vkms_vblank_simulate: vblank timer overrun [ 336.862650][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.698161][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.894194][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.057107][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.703829][ T5154] Bluetooth: hci4: command tx timeout [ 338.816756][ T7705] netlink: 12 bytes leftover after parsing attributes in process `syz.2.479'. [ 339.662242][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.887368][ C1] vkms_vblank_simulate: vblank timer overrun [ 340.511864][ C1] vkms_vblank_simulate: vblank timer overrun [ 341.029332][ T5154] Bluetooth: hci4: command tx timeout [ 341.167843][ T7702] netlink: 24 bytes leftover after parsing attributes in process `syz.1.477'. [ 341.227152][ T7729] netlink: 72 bytes leftover after parsing attributes in process `syz.3.485'. [ 341.466407][ T7730] netlink: 72 bytes leftover after parsing attributes in process `syz.3.485'. [ 343.363857][ T5154] Bluetooth: hci4: command tx timeout [ 344.268905][ T7739] netlink: 24 bytes leftover after parsing attributes in process `syz.4.487'. [ 345.202133][ T7760] netlink: 12 bytes leftover after parsing attributes in process `syz.3.492'. [ 347.260844][ T7674] chnl_net:caif_netlink_parms(): no params data found [ 347.861587][ T7795] binder_alloc: 7786: binder_alloc_buf, no vma [ 349.800529][ T7781] netlink: 24 bytes leftover after parsing attributes in process `syz.2.496'. [ 349.836659][ T7790] netlink: 24 bytes leftover after parsing attributes in process `syz.3.497'. [ 351.421202][ T7674] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.421924][ T7674] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.422142][ T7674] bridge_slave_0: entered allmulticast mode [ 351.458150][ T7674] bridge_slave_0: entered promiscuous mode [ 351.601393][ T7674] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.601488][ T7674] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.601701][ T7674] bridge_slave_1: entered allmulticast mode [ 351.631387][ T7674] bridge_slave_1: entered promiscuous mode [ 351.661091][ T7814] netlink: 48 bytes leftover after parsing attributes in process `syz.4.503'. [ 351.753576][ T7817] netlink: 48 bytes leftover after parsing attributes in process `syz.4.503'. [ 353.308496][ T38] kauditd_printk_skb: 20 callbacks suppressed [ 353.308521][ T38] audit: type=1326 audit(1756108875.668:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.308573][ T38] audit: type=1326 audit(1756108875.668:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.312507][ T38] audit: type=1326 audit(1756108875.668:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.312568][ T38] audit: type=1326 audit(1756108875.668:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.312613][ T38] audit: type=1326 audit(1756108875.668:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.329692][ T38] audit: type=1326 audit(1756108875.687:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.329752][ T38] audit: type=1326 audit(1756108875.687:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.329793][ T38] audit: type=1326 audit(1756108875.687:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.360951][ T38] audit: type=1326 audit(1756108875.706:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 353.361016][ T38] audit: type=1326 audit(1756108875.706:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7825 comm="syz.2.506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39f56ebe9 code=0x7ffc0000 [ 355.318708][ T6017] bridge_slave_1: left allmulticast mode [ 355.318750][ T6017] bridge_slave_1: left promiscuous mode [ 355.319061][ T6017] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.532062][ T6017] bridge_slave_0: left allmulticast mode [ 355.532104][ T6017] bridge_slave_0: left promiscuous mode [ 355.532439][ T6017] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.894412][ T7854] netlink: 24 bytes leftover after parsing attributes in process `syz.1.514'. [ 357.335860][ T7866] netlink: 48 bytes leftover after parsing attributes in process `syz.4.517'. [ 357.376689][ T7866] netlink: 48 bytes leftover after parsing attributes in process `syz.4.517'. [ 360.224001][ T5166] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 360.387343][ T5166] usb 5-1: config 8 has an invalid interface number: 95 but max is 0 [ 360.387378][ T5166] usb 5-1: config 8 has no interface number 0 [ 360.391030][ T5166] usb 5-1: New USB device found, idVendor=05ac, idProduct=024a, bcdDevice=29.78 [ 360.391062][ T5166] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.391085][ T5166] usb 5-1: Product: syz [ 360.391100][ T5166] usb 5-1: Manufacturer: syz [ 360.391115][ T5166] usb 5-1: SerialNumber: syz [ 361.215072][ T7882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 361.312184][ T7882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 361.988858][ T5166] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:8.95/input/input10 [ 362.171731][ T5166] usb 5-1: USB disconnect, device number 10 [ 362.173927][ T5191] bcm5974 5-1:8.95: could not read from device [ 362.401601][ T7894] netlink: 48 bytes leftover after parsing attributes in process `syz.2.527'. [ 362.428813][ T7894] netlink: 48 bytes leftover after parsing attributes in process `syz.2.527'. [ 364.586899][ T6017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.693371][ T6017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.743196][ T6017] bond0 (unregistering): Released all slaves [ 365.081810][ T7674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.128349][ T7874] netdevsim netdevsim3 netdevsim3: entered promiscuous mode [ 365.128435][ T7874] vlan2: entered promiscuous mode [ 365.686026][ T7674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.228433][ T7924] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.228463][ T7924] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.228478][ T7924] netlink: 16 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.228497][ T7924] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.296647][ T7925] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.296667][ T7925] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.296680][ T7925] netlink: 5 bytes leftover after parsing attributes in process `syz.1.537'. [ 366.425201][ T6017] hsr_slave_0: left promiscuous mode [ 366.799427][ T6017] hsr_slave_1: left promiscuous mode [ 366.800731][ T6017] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.979455][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.493540][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.796612][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.865220][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.975906][ T6017] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.979698][ C0] vkms_vblank_simulate: vblank timer overrun [ 368.156987][ C0] vkms_vblank_simulate: vblank timer overrun [ 368.993431][ T7938] netlink: 24 bytes leftover after parsing attributes in process `syz.2.541'. [ 370.040303][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.298680][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.430686][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.510429][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.570123][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.918790][ C0] vkms_vblank_simulate: vblank timer overrun [ 371.238329][ C0] vkms_vblank_simulate: vblank timer overrun [ 371.992372][ T6017] team0 (unregistering): Port device team_slave_1 removed [ 372.062438][ C0] vkms_vblank_simulate: vblank timer overrun [ 372.191495][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.191669][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.191694][ T7959] netlink: 16 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.191722][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.242190][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.242222][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.242241][ T7959] netlink: 5 bytes leftover after parsing attributes in process `syz.4.548'. [ 372.280131][ C0] vkms_vblank_simulate: vblank timer overrun [ 372.381652][ T6017] team0 (unregistering): Port device team_slave_0 removed [ 378.773026][ T5908] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 378.932548][ T5908] usb 5-1: Using ep0 maxpacket: 16 [ 378.935366][ T5908] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 378.935448][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 378.935500][ T5908] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 378.935525][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.993516][ T5908] usb 5-1: config 0 descriptor?? [ 379.046680][ T5908] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 379.821749][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 380.001615][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 380.036666][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.036708][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.036732][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 380.036785][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 380.036810][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.110557][ T10] usb 2-1: config 0 descriptor?? [ 380.267063][ T7674] team0: Port device team_slave_0 added [ 380.322894][ T7921] vlan2: entered promiscuous mode [ 380.596787][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 380.596952][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 380.701633][ T7674] team0: Port device team_slave_1 added [ 380.707273][ T10] usb 2-1: USB disconnect, device number 4 [ 381.615200][ T44] usb 5-1: USB disconnect, device number 11 [ 382.995878][ T7674] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.995901][ T7674] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.995932][ T7674] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 384.201545][ T7674] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 384.201561][ T7674] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 384.201578][ T7674] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.714651][ T7674] hsr_slave_0: entered promiscuous mode [ 386.719253][ T7674] hsr_slave_1: entered promiscuous mode [ 386.720556][ T7674] debugfs: 'hsr0' already exists in 'hsr' [ 386.720586][ T7674] Cannot create hsr debugfs directory [ 388.674248][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 388.675504][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 395.640049][ T8090] netlink: 24 bytes leftover after parsing attributes in process `syz.1.581'. [ 398.926666][ T5858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 398.953320][ T5858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 399.152558][ T5858] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 399.157468][ T5858] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 399.158314][ T5858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 400.787714][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.960346][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.479437][ T5154] Bluetooth: hci5: command tx timeout [ 401.570756][ T1119] bridge_slave_1: left allmulticast mode [ 401.570799][ T1119] bridge_slave_1: left promiscuous mode [ 401.571212][ T1119] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.649359][ T1119] bridge_slave_0: left allmulticast mode [ 401.649387][ T1119] bridge_slave_0: left promiscuous mode [ 401.649661][ T1119] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.076100][ C0] vkms_vblank_simulate: vblank timer overrun [ 402.687091][ T1119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 402.881773][ T1119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 403.143502][ T1119] bond0 (unregistering): Released all slaves [ 403.706625][ T5154] Bluetooth: hci5: command tx timeout [ 405.298389][ T1119] hsr_slave_0: left promiscuous mode [ 405.351538][ T1119] hsr_slave_1: left promiscuous mode [ 405.355693][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.510727][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 405.926485][ T5154] Bluetooth: hci5: command tx timeout [ 408.150098][ T5154] Bluetooth: hci5: command tx timeout [ 410.495243][ T1119] team0 (unregistering): Port device team_slave_1 removed [ 411.820475][ T1119] team0 (unregistering): Port device team_slave_0 removed [ 416.105321][ T8184] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.106075][ T8184] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.592546][ T8267] netlink: 12 bytes leftover after parsing attributes in process `syz.4.624'. [ 418.091505][ T8184] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 418.148398][ T8184] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.633658][ T8296] netlink: 68 bytes leftover after parsing attributes in process `syz.1.630'. [ 423.674993][ T88] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.682704][ T88] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.682768][ T88] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.682805][ T88] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.830776][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 423.878360][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 423.897924][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 423.900085][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 423.901270][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 424.032283][ T8126] chnl_net:caif_netlink_parms(): no params data found [ 424.500200][ T8313] netlink: 12 bytes leftover after parsing attributes in process `syz.2.635'. [ 424.776406][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.585573][ C1] vkms_vblank_simulate: vblank timer overrun [ 425.818239][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.114334][ T5154] Bluetooth: hci4: command tx timeout [ 426.382043][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.944637][ T8184] slab kmalloc-2k start ffff8880371c9000 pointer offset 1888 size 2048 [ 426.944689][ T8184] list_del corruption. prev->next should be ffff88803bc76760, but was 0000000000000000. (prev=ffff8880371c9760) [ 426.945358][ T8184] ------------[ cut here ]------------ [ 426.945366][ T8184] kernel BUG at lib/list_debug.c:64! [ 426.951613][ T8184] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 426.951646][ T8184] CPU: 1 UID: 0 PID: 8184 Comm: syz.3.604 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 426.951669][ T8184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 426.951680][ T8184] RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 [ 426.951715][ T8184] Code: e8 eb cb 3e fd 43 80 3c 2c 00 74 08 4c 89 ff e8 2c e9 5d fd 49 8b 17 48 c7 c7 20 11 62 8b 48 89 de 4c 89 f9 e8 87 a6 67 fc 90 <0f> 0b 4c 89 f7 e8 bc cb 3e fd 43 80 3c 2c 00 74 08 4c 89 ff e8 fd [ 426.951731][ T8184] RSP: 0018:ffffc900041a7680 EFLAGS: 00010246 [ 426.951751][ T8184] RAX: 000000000000006d RBX: ffff88803bc76760 RCX: 9c19a85fe011fd00 [ 426.951765][ T8184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 426.951777][ T8184] RBP: ffff88803bc77010 R08: 0000000000000000 R09: 0000000000000000 [ 426.951790][ T8184] R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffff11006e392ec [ 426.951804][ T8184] R13: dffffc0000000000 R14: ffff8880371c9760 R15: ffff8880371c9760 [ 426.951819][ T8184] FS: 0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000 [ 426.951835][ T8184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 426.951848][ T8184] CR2: 00007fa6e7e685c0 CR3: 000000003f800000 CR4: 00000000003526f0 [ 426.951867][ T8184] Call Trace: [ 426.951875][ T8184] [ 426.951885][ T8184] bt_accept_unlink+0x39/0x240 [ 426.951911][ T8184] l2cap_sock_teardown_cb+0x17e/0x460 [ 426.951942][ T8184] l2cap_chan_del+0xb5/0x5e0 [ 426.951969][ T8184] ? l2cap_conn_del+0x37c/0x680 [ 426.951995][ T8184] l2cap_conn_del+0x388/0x680 [ 426.952021][ T8184] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 426.952046][ T8184] hci_conn_hash_flush+0x10a/0x230 [ 426.952093][ T8184] hci_dev_close_sync+0xaef/0x1330 [ 426.952117][ T8184] ? irqentry_exit+0x74/0x90 [ 426.952146][ T8184] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 426.952174][ T8184] hci_unregister_dev+0x21a/0x510 [ 426.952195][ T8184] vhci_release+0x83/0xe0 [ 426.952217][ T8184] ? __pfx_vhci_release+0x10/0x10 [ 426.952237][ T8184] __fput+0x45b/0xa80 [ 426.952261][ T8184] task_work_run+0x1d4/0x260 [ 426.952282][ T8184] ? __pfx_task_work_run+0x10/0x10 [ 426.952302][ T8184] ? do_exit+0x6b0/0x2300 [ 426.952319][ T8184] ? kmem_cache_free+0x195/0x510 [ 426.952348][ T8184] do_exit+0x6b5/0x2300 [ 426.952365][ T8184] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 426.952393][ T8184] ? __lock_acquire+0xab9/0xd20 [ 426.952419][ T8184] ? __pfx_do_exit+0x10/0x10 [ 426.952435][ T8184] ? rt_mutex_slowunlock+0x493/0x8a0 [ 426.952456][ T8184] ? rt_spin_lock+0x1bb/0x2c0 [ 426.952478][ T8184] do_group_exit+0x21c/0x2d0 [ 426.952499][ T8184] get_signal+0x125e/0x1310 [ 426.952532][ T8184] arch_do_signal_or_restart+0x9a/0x750 [ 426.952560][ T8184] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 426.952590][ T8184] ? exit_to_user_mode_loop+0x40/0x110 [ 426.952618][ T8184] exit_to_user_mode_loop+0x75/0x110 [ 426.952644][ T8184] do_syscall_64+0x2bd/0x3b0 [ 426.952669][ T8184] ? lockdep_hardirqs_on+0x9c/0x150 [ 426.952692][ T8184] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.952713][ T8184] ? clear_bhb_loop+0x60/0xb0 [ 426.952734][ T8184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.952753][ T8184] RIP: 0033:0x7fe0b3f6ebe9 [ 426.952770][ T8184] Code: Unable to access opcode bytes at 0x7fe0b3f6ebbf. [ 426.952780][ T8184] RSP: 002b:00007fe0b21ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 426.952801][ T8184] RAX: 0000000000000028 RBX: 00007fe0b4195fa0 RCX: 00007fe0b3f6ebe9 [ 426.952815][ T8184] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000007 [ 426.952828][ T8184] RBP: 00007fe0b3ff1e19 R08: 0000000000000000 R09: 0000000000000000 [ 426.952841][ T8184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 426.952852][ T8184] R13: 00007fe0b4196038 R14: 00007fe0b4195fa0 R15: 00007ffd5b732198 [ 426.952873][ T8184] [ 426.952880][ T8184] Modules linked in: [ 426.952894][ T8184] ---[ end trace 0000000000000000 ]--- [ 426.952903][ T8184] RIP: 0010:__list_del_entry_valid_or_report+0x15a/0x190 [ 426.952927][ T8184] Code: e8 eb cb 3e fd 43 80 3c 2c 00 74 08 4c 89 ff e8 2c e9 5d fd 49 8b 17 48 c7 c7 20 11 62 8b 48 89 de 4c 89 f9 e8 87 a6 67 fc 90 <0f> 0b 4c 89 f7 e8 bc cb 3e fd 43 80 3c 2c 00 74 08 4c 89 ff e8 fd [ 426.952943][ T8184] RSP: 0018:ffffc900041a7680 EFLAGS: 00010246 [ 426.952958][ T8184] RAX: 000000000000006d RBX: ffff88803bc76760 RCX: 9c19a85fe011fd00 [ 426.952972][ T8184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 426.952983][ T8184] RBP: ffff88803bc77010 R08: 0000000000000000 R09: 0000000000000000 [ 426.952995][ T8184] R10: dffffc0000000000 R11: ffffed1017124863 R12: 1ffff11006e392ec [ 426.953010][ T8184] R13: dffffc0000000000 R14: ffff8880371c9760 R15: ffff8880371c9760 [ 426.953025][ T8184] FS: 0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000 [ 426.953041][ T8184] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 426.953055][ T8184] CR2: 00007fa6e7e685c0 CR3: 000000003f800000 CR4: 00000000003526f0 [ 426.953091][ T8184] Kernel panic - not syncing: Fatal exception [ 426.953635][ T8184] Kernel Offset: disabled