last executing test programs: 1m30.865304976s ago: executing program 1 (id=71): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x48100) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000000)=0x7) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x1800) 1m30.531706191s ago: executing program 1 (id=74): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) sendmmsg$inet6(r0, &(0x7f0000004cc0)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x1ff, @private0, 0x401}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000003c0)="f5", 0x1}], 0x1}}, {{&(0x7f0000000480)={0xa, 0x4e24, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8e}, 0x1c, &(0x7f0000000d80)=[{&(0x7f0000000c40)="ea", 0x1}], 0x1}}], 0x2, 0x40) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7fffffff}}, 0x6, 0x1, 0x3bf8580d, 0x0, 0xb3550aa4ba878396, 0x2}, 0x9c) 1m30.017261124s ago: executing program 1 (id=77): r0 = socket(0x11, 0x800000003, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0x4}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}]}, 0x88}}, 0x0) 1m29.68003279s ago: executing program 1 (id=79): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async', 0x42, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000a80)='71\a', 0x3, 0x20000000000000}]) 1m29.260594113s ago: executing program 1 (id=82): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) map_shadow_stack(&(0x7f0000143000/0x4000)=nil, 0x4000, 0x1) 1m26.910935187s ago: executing program 1 (id=90): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x1) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1], 0x4c}}, 0x0) 1m25.048477165s ago: executing program 2 (id=95): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xc, 0x4008031, 0xffffffffffffffff, 0x1000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) io_setup(0x7, 0x0) 1m21.23264042s ago: executing program 2 (id=99): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='b *:4\trr\nD'], 0xa) 1m17.703917807s ago: executing program 2 (id=104): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002480)=@deltfilter={0x2c, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xfff3, 0x3}, {0xffe0, 0xffff}, {0xffe0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x5}]}, 0x2c}}, 0x20044000) 1m16.956422003s ago: executing program 2 (id=107): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = inotify_init() r1 = inotify_add_watch(r0, &(0x7f0000000280)='.\x00', 0x25000001) inotify_rm_watch(r0, r1) 1m15.243249935s ago: executing program 2 (id=110): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) 1m12.688877904s ago: executing program 4 (id=115): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000180)='cpuacct.stat\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000005fc0)={0x2020}, 0x2020) 1m12.556647002s ago: executing program 3 (id=116): mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x0) mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) mbind(&(0x7f0000673000/0x1000)=nil, 0x1000, 0x3, &(0x7f00000009c0)=0x7, 0x3, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) 1m12.104426231s ago: executing program 3 (id=117): socket$inet6(0xa, 0x80003, 0xff) r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close(0x3) 1m12.090525072s ago: executing program 4 (id=118): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x80000) sendmsg$kcm(r1, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0) 1m11.567711005s ago: executing program 32 (id=90): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000000)=0x1) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c00000010003df600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030064766d727009000000000000000000001800128008000100707070000c00028008000100", @ANYRES32=r1], 0x4c}}, 0x0) 1m11.524286541s ago: executing program 3 (id=120): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000140016"], 0x4c}}, 0x0) 1m11.234578746s ago: executing program 3 (id=121): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r2, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c00018005000200000000000800040005000000080001000200"], 0x7c}}, 0x0) 1m10.870549318s ago: executing program 4 (id=122): r0 = socket$inet(0x2, 0x801, 0x0) listen(r0, 0x3) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r0, 0x0, r1, 0x0, 0x7ffff000, 0x0) 1m7.644599003s ago: executing program 4 (id=123): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') r1 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000) dup2(r0, r1) 1m7.387502349s ago: executing program 4 (id=124): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000100)=0x1, 0x4) syz_emit_ethernet(0x6e, &(0x7f0000000280)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0xfe, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x2, 0x6, "081331", 0x3f6f, 0xff, 0x0, @mcast1, @loopback, [@fragment={0x84, 0x0, 0xa, 0x0, 0x0, 0x7, 0x65}]}}}}}}}, 0x0) 1m7.112212404s ago: executing program 4 (id=125): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x20000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 1m6.354215065s ago: executing program 2 (id=126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000009200004000000000000000c3"]) 1m6.207659164s ago: executing program 3 (id=127): mkdir(&(0x7f0000000000)='./file0\x00', 0x18a) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) removexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=@known='trusted.overlay.impure\x00') 1m5.476531774s ago: executing program 3 (id=128): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000008202"]) 52.022763839s ago: executing program 33 (id=125): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x20000000000000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 50.897629448s ago: executing program 34 (id=126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000009200004000000000000000c3"]) 49.785713647s ago: executing program 35 (id=128): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000008202"]) 31.289055114s ago: executing program 0 (id=139): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0100000000000000000092af000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 22.674492019s ago: executing program 0 (id=140): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0) read(r0, &(0x7f0000000080)=""/152, 0x98) 22.415638659s ago: executing program 0 (id=141): pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) close(r0) close(r1) 22.221227776s ago: executing program 0 (id=142): r0 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x5) mount_setattr(r1, &(0x7f0000000000)='.\x00', 0x0, &(0x7f0000000200)={0x5}, 0x20) 17.470815968s ago: executing program 0 (id=143): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x80, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c) recvmmsg(r0, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000080)=""/55, 0x37}], 0x1}, 0x10000}], 0x1, 0x2, 0x0) 15.229778696s ago: executing program 0 (id=144): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) 0s ago: executing program 36 (id=144): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts. [ 91.214514][ T5800] cgroup: Unknown subsys name 'net' [ 91.471102][ T5800] cgroup: Unknown subsys name 'cpuset' [ 91.545962][ T5800] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.161384][ T31] cfg80211: failed to load regulatory.db [ 93.562264][ T5800] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.815899][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.828312][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.846704][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.853286][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.854168][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.937604][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.941396][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.962161][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.976084][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.986761][ T5821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 98.032680][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.039495][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 98.040718][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 98.043136][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 98.044215][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 98.125662][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.129952][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 98.132862][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 98.162204][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 98.163318][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 98.179263][ T5823] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 98.187423][ T5823] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 98.188767][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 98.192134][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 98.202029][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 99.044352][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 99.374462][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 99.456499][ T5814] chnl_net:caif_netlink_parms(): no params data found [ 99.724863][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 99.836725][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 99.916922][ T5821] Bluetooth: hci0: command tx timeout [ 99.955860][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.957629][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.958161][ T5811] bridge_slave_0: entered allmulticast mode [ 99.960279][ T5811] bridge_slave_0: entered promiscuous mode [ 100.030081][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.030249][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.030451][ T5811] bridge_slave_1: entered allmulticast mode [ 100.033307][ T5811] bridge_slave_1: entered promiscuous mode [ 100.075372][ T5823] Bluetooth: hci2: command tx timeout [ 100.075607][ T5821] Bluetooth: hci1: command tx timeout [ 100.235669][ T5821] Bluetooth: hci3: command tx timeout [ 100.325306][ T5821] Bluetooth: hci4: command tx timeout [ 100.714315][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.714473][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.714839][ T5815] bridge_slave_0: entered allmulticast mode [ 100.728287][ T5815] bridge_slave_0: entered promiscuous mode [ 100.750315][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.855358][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.855504][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.855791][ T5815] bridge_slave_1: entered allmulticast mode [ 100.858106][ T5815] bridge_slave_1: entered promiscuous mode [ 100.864091][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.878269][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.878444][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.879204][ T5814] bridge_slave_0: entered allmulticast mode [ 100.882632][ T5814] bridge_slave_0: entered promiscuous mode [ 101.209688][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.209885][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.210212][ T5814] bridge_slave_1: entered allmulticast mode [ 101.212600][ T5814] bridge_slave_1: entered promiscuous mode [ 101.707678][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.707837][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.708055][ T5825] bridge_slave_0: entered allmulticast mode [ 101.711208][ T5825] bridge_slave_0: entered promiscuous mode [ 101.742295][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.747428][ T5811] team0: Port device team_slave_0 added [ 101.752264][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.752425][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.752751][ T5816] bridge_slave_0: entered allmulticast mode [ 101.775769][ T5816] bridge_slave_0: entered promiscuous mode [ 101.848061][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.848205][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.848407][ T5825] bridge_slave_1: entered allmulticast mode [ 101.851346][ T5825] bridge_slave_1: entered promiscuous mode [ 101.858763][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.862527][ T5811] team0: Port device team_slave_1 added [ 101.871462][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.871607][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.871872][ T5816] bridge_slave_1: entered allmulticast mode [ 101.885605][ T5816] bridge_slave_1: entered promiscuous mode [ 101.894116][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.995717][ T5821] Bluetooth: hci0: command tx timeout [ 102.155751][ T5823] Bluetooth: hci2: command tx timeout [ 102.155845][ T5821] Bluetooth: hci1: command tx timeout [ 102.259597][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.315406][ T5821] Bluetooth: hci3: command tx timeout [ 102.395413][ T5821] Bluetooth: hci4: command tx timeout [ 102.753312][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.759347][ T5815] team0: Port device team_slave_0 added [ 102.761538][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.761559][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.761608][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.772591][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.851324][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.853092][ T5815] team0: Port device team_slave_1 added [ 102.854107][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.854118][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.854139][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.863937][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.877739][ T5814] team0: Port device team_slave_0 added [ 103.148675][ T5814] team0: Port device team_slave_1 added [ 103.429624][ T5825] team0: Port device team_slave_0 added [ 103.431377][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.431396][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.431424][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.447833][ T5816] team0: Port device team_slave_0 added [ 103.559051][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.559075][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.559111][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.562729][ T5825] team0: Port device team_slave_1 added [ 103.668120][ T5816] team0: Port device team_slave_1 added [ 103.829108][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.829127][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.829157][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.067732][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.067751][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.067782][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.075333][ T5821] Bluetooth: hci0: command tx timeout [ 104.169151][ T5811] hsr_slave_0: entered promiscuous mode [ 104.170849][ T5811] hsr_slave_1: entered promiscuous mode [ 104.235540][ T5823] Bluetooth: hci2: command tx timeout [ 104.235647][ T5821] Bluetooth: hci1: command tx timeout [ 104.272553][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.272570][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.272591][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.292454][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.292486][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.292521][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.395568][ T5821] Bluetooth: hci3: command tx timeout [ 104.417807][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.417826][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.417857][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.421944][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.421962][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.421992][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.485368][ T5821] Bluetooth: hci4: command tx timeout [ 104.708542][ T5815] hsr_slave_0: entered promiscuous mode [ 104.710010][ T5815] hsr_slave_1: entered promiscuous mode [ 104.710952][ T5815] debugfs: 'hsr0' already exists in 'hsr' [ 104.711045][ T5815] Cannot create hsr debugfs directory [ 104.993164][ T5814] hsr_slave_0: entered promiscuous mode [ 104.994165][ T5814] hsr_slave_1: entered promiscuous mode [ 104.994799][ T5814] debugfs: 'hsr0' already exists in 'hsr' [ 104.994822][ T5814] Cannot create hsr debugfs directory [ 105.461489][ T5825] hsr_slave_0: entered promiscuous mode [ 105.462597][ T5825] hsr_slave_1: entered promiscuous mode [ 105.463269][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 105.463290][ T5825] Cannot create hsr debugfs directory [ 105.570718][ T5816] hsr_slave_0: entered promiscuous mode [ 105.572174][ T5816] hsr_slave_1: entered promiscuous mode [ 105.573647][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 105.573682][ T5816] Cannot create hsr debugfs directory [ 106.155487][ T5821] Bluetooth: hci0: command tx timeout [ 106.315682][ T5823] Bluetooth: hci2: command tx timeout [ 106.315742][ T5821] Bluetooth: hci1: command tx timeout [ 106.475396][ T5821] Bluetooth: hci3: command tx timeout [ 106.555500][ T5821] Bluetooth: hci4: command tx timeout [ 107.207887][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 107.262524][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 107.300752][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 107.353042][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 107.532198][ T5815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.576066][ T5815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.613068][ T5815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.685623][ T5815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.877106][ T5814] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.923285][ T5814] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.982350][ T5814] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.027264][ T5814] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.222567][ T5825] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 108.263798][ T5825] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 108.305508][ T5825] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 108.354893][ T5825] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 108.483830][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.547013][ T5816] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.596934][ T5816] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.653816][ T5816] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.689101][ T5816] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.789333][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.846850][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.847277][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.891223][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.932826][ T1376] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.933065][ T1376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.042652][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.118588][ T1376] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.118816][ T1376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.174145][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.201773][ T1376] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.202045][ T1376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.334423][ T5814] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.413681][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.444715][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.445079][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.519176][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.519369][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.608949][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.641844][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.672979][ T1376] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.673904][ T1376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.742454][ T1376] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.745410][ T1376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.870346][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.945885][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.946045][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.032421][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.032576][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.176567][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.366101][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.584594][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.624858][ T5811] veth0_vlan: entered promiscuous mode [ 110.771370][ T5811] veth1_vlan: entered promiscuous mode [ 110.879683][ T5815] veth0_vlan: entered promiscuous mode [ 110.985949][ T5815] veth1_vlan: entered promiscuous mode [ 111.043116][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.132419][ T5811] veth0_macvtap: entered promiscuous mode [ 111.193212][ T5814] veth0_vlan: entered promiscuous mode [ 111.201599][ T5811] veth1_macvtap: entered promiscuous mode [ 111.222917][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.292352][ T5814] veth1_vlan: entered promiscuous mode [ 111.314295][ T5815] veth0_macvtap: entered promiscuous mode [ 111.373641][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.381494][ T5815] veth1_macvtap: entered promiscuous mode [ 111.420363][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.532048][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.548565][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.554527][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.592621][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.592978][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.646291][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.714288][ T5814] veth0_macvtap: entered promiscuous mode [ 111.764041][ T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.778205][ T5816] veth0_vlan: entered promiscuous mode [ 111.799700][ T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.815510][ T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.820950][ T5814] veth1_macvtap: entered promiscuous mode [ 111.840834][ T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.046739][ T5816] veth1_vlan: entered promiscuous mode [ 112.179137][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.179172][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.249110][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.308917][ T5825] veth0_vlan: entered promiscuous mode [ 112.392177][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.444485][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.444509][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.501858][ T5825] veth1_vlan: entered promiscuous mode [ 112.517574][ T4578] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.521663][ T4578] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.521816][ T4578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.521833][ T4578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.537583][ T4578] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.621405][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.674232][ T5816] veth0_macvtap: entered promiscuous mode [ 112.792690][ T5816] veth1_macvtap: entered promiscuous mode [ 112.843104][ T5929] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.916203][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.916227][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.239831][ T5825] veth0_macvtap: entered promiscuous mode [ 113.247283][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.345588][ T4578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.345610][ T4578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.361527][ T5825] veth1_macvtap: entered promiscuous mode [ 113.397318][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.524957][ T4578] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.604224][ T4578] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.637953][ T4578] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.720082][ T4578] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.796308][ T1376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.796331][ T1376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.887132][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.001632][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.084572][ T1376] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.156899][ T1376] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.160008][ T1376] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.160440][ T1376] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.467622][ T5944] netlink: 'syz.2.11': attribute type 1 has an invalid length. [ 114.467711][ T5944] netlink: 144 bytes leftover after parsing attributes in process `syz.2.11'. [ 114.467747][ T5944] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11'. [ 114.567062][ T1349] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.567090][ T1349] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.970120][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.970143][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.287050][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.287075][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.942324][ T1376] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.942347][ T1376] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.991957][ T5971] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 116.055610][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.228066][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 116.270849][ T5976] netlink: 148 bytes leftover after parsing attributes in process `syz.1.22'. [ 116.308393][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.308462][ T10] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 116.308488][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.359942][ T10] usb 1-1: config 0 descriptor?? [ 116.876063][ T2041] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.960991][ T10] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 117.032004][ T2041] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 117.032038][ T2041] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 117.032065][ T2041] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 117.032089][ T2041] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 117.032135][ T2041] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 117.032160][ T2041] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.269399][ T2041] usb 3-1: config 0 descriptor?? [ 117.502978][ T2041] hdpvr 3-1:0.0: firmware version 0x0 dated [ 117.502999][ T2041] hdpvr 3-1:0.0: untested firmware, the driver might not work. [ 117.616255][ T10] usb 1-1: USB disconnect, device number 2 [ 118.152281][ T2041] hdpvr 3-1:0.0: Could not setup controls [ 118.153008][ T2041] hdpvr 3-1:0.0: registering videodev failed [ 118.281027][ T2041] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71 [ 118.378747][ T2041] usb 3-1: USB disconnect, device number 2 [ 118.529305][ T5997] netlink: 64 bytes leftover after parsing attributes in process `syz.0.29'. [ 119.154994][ T38] audit: type=1326 audit(1759200199.314:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.155057][ T38] audit: type=1326 audit(1759200199.324:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.180769][ T38] audit: type=1326 audit(1759200199.344:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.218949][ T38] audit: type=1326 audit(1759200199.384:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.233707][ T38] audit: type=1326 audit(1759200199.394:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4dd4fb5d67 code=0x7ffc0000 [ 119.233785][ T38] audit: type=1326 audit(1759200199.394:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4dd4f5af79 code=0x7ffc0000 [ 119.241006][ T38] audit: type=1326 audit(1759200199.394:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.242944][ T38] audit: type=1326 audit(1759200199.414:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f4dd4fbeec9 code=0x7ffc0000 [ 119.254634][ T38] audit: type=1326 audit(1759200199.424:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f4dd4fb5d67 code=0x7ffc0000 [ 119.254703][ T38] audit: type=1326 audit(1759200199.424:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6007 comm="syz.3.33" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4dd4f5af79 code=0x7ffc0000 [ 119.423302][ T5181] udevd[5181]: worker [5885] terminated by signal 33 (Unknown signal 33) [ 119.423360][ T5181] udevd[5181]: worker [5885] failed while handling '/devices/virtual/block/loop0' [ 120.349147][ T6028] netlink: 'syz.2.43': attribute type 1 has an invalid length. [ 120.349172][ T6028] netlink: 172 bytes leftover after parsing attributes in process `syz.2.43'. [ 120.480090][ T6032] netlink: 'syz.4.44': attribute type 1 has an invalid length. [ 120.480195][ T6032] netlink: 160 bytes leftover after parsing attributes in process `syz.4.44'. [ 120.533742][ T6036] vivid-000: disconnect [ 120.534506][ T6035] vivid-000: reconnect [ 122.802150][ T5821] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 122.802249][ T5821] Bluetooth: hci0: Injecting HCI hardware error event [ 122.803604][ T5821] Bluetooth: hci0: hardware error 0x00 [ 123.838630][ T6101] syz.0.75 (6101) used greatest stack depth: 18968 bytes left [ 124.770858][ T6116] netlink: 8 bytes leftover after parsing attributes in process `syz.0.81'. [ 125.197638][ T5821] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 126.482519][ T6125] syz.4.85 (6125) used greatest stack depth: 18728 bytes left [ 128.871881][ T6133] syz.4.89 (6133) used greatest stack depth: 18504 bytes left [ 129.784871][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 129.967346][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.967384][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.967426][ T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 129.967452][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.057142][ T9] usb 5-1: config 0 descriptor?? [ 130.754342][ T9] isku 0003:1E7D:319C.0002: unknown main item tag 0x0 [ 130.754391][ T9] isku 0003:1E7D:319C.0002: unknown main item tag 0x0 [ 130.887340][ T9] isku 0003:1E7D:319C.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.4-1/input0 [ 131.188412][ T9] usb 5-1: USB disconnect, device number 2 [ 132.578423][ T6169] fido_id[6169]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 132.946001][ C0] sched: DL replenish lagged too much [ 133.893263][ T9] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 134.099013][ T9] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 134.099045][ T9] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 134.099069][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 134.099092][ T9] usb 1-1: config 1 has no interface number 0 [ 134.099152][ T9] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 134.099181][ T9] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 134.099228][ T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 134.099253][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.235710][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 135.012671][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 135.339795][ T9] usb 1-1: USB disconnect, device number 3 [ 135.368739][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 136.020304][ T6192] netlink: 56 bytes leftover after parsing attributes in process `syz.0.103'. [ 136.341448][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 136.509269][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.509299][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 136.511072][ T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 136.511103][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 136.511125][ T9] usb 1-1: SerialNumber: syz [ 138.248397][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.248746][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 141.136415][ T6222] Zero length message leads to an empty skb [ 141.742677][ T9] usb 1-1: 0:2 : does not exist [ 143.553140][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 143.571274][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 143.573720][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 143.599252][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 143.606518][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 145.667065][ T5823] Bluetooth: hci5: command tx timeout [ 146.095264][ T10] usb 1-1: USB disconnect, device number 4 [ 147.455944][ T6235] netlink: 36 bytes leftover after parsing attributes in process `syz.3.121'. [ 147.772758][ T5823] Bluetooth: hci5: command tx timeout [ 148.825679][ T38] kauditd_printk_skb: 13 callbacks suppressed [ 148.825702][ T38] audit: type=1326 audit(1759200484.990:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6257 comm="syz.0.129" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f95f443eec9 code=0x0 [ 149.383644][ T6239] chnl_net:caif_netlink_parms(): no params data found [ 149.824669][ T5823] Bluetooth: hci5: command tx timeout [ 151.903667][ T5823] Bluetooth: hci5: command tx timeout [ 162.883846][ T5821] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 162.886236][ T5821] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 162.904335][ T5821] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 162.906487][ T5821] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 162.940640][ T5821] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 163.561440][ T5821] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 163.579270][ T5821] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 163.580320][ T5821] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 163.584570][ T5821] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 163.586672][ T5821] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 165.027148][ T5823] Bluetooth: hci6: command tx timeout [ 165.115621][ T5821] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 165.129348][ T5821] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 165.130461][ T5821] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 165.132090][ T5821] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 165.132926][ T5821] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 165.656875][ T5823] Bluetooth: hci7: command tx timeout [ 167.096123][ T5823] Bluetooth: hci6: command tx timeout [ 167.176202][ T5823] Bluetooth: hci8: command tx timeout [ 167.735851][ T5823] Bluetooth: hci7: command tx timeout [ 169.175164][ T5823] Bluetooth: hci6: command tx timeout [ 169.255591][ T5823] Bluetooth: hci8: command tx timeout [ 169.824817][ T5823] Bluetooth: hci7: command tx timeout [ 171.254122][ T5823] Bluetooth: hci6: command tx timeout [ 171.339222][ T5823] Bluetooth: hci8: command tx timeout [ 171.897279][ T5823] Bluetooth: hci7: command tx timeout [ 173.417166][ T5823] Bluetooth: hci8: command tx timeout [ 182.558470][ T6239] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.558624][ T6239] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.558872][ T6239] bridge_slave_0: entered allmulticast mode [ 182.588506][ T6239] bridge_slave_0: entered promiscuous mode [ 182.619953][ T6239] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.620114][ T6239] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.620407][ T6239] bridge_slave_1: entered allmulticast mode [ 182.652281][ T6239] bridge_slave_1: entered promiscuous mode [ 198.700472][ T6314] syz.0.143 (6314) used greatest stack depth: 16696 bytes left [ 199.646962][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.647051][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.172844][ T6239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.727309][ T5821] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 203.744726][ T5821] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 203.746825][ T5821] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 203.766052][ T5821] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 203.766925][ T5821] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 205.877465][ T5821] Bluetooth: hci9: command tx timeout [ 207.961621][ T5821] Bluetooth: hci9: command tx timeout [ 210.044689][ T5821] Bluetooth: hci9: command tx timeout [ 211.078545][ T6239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 212.113854][ T5821] Bluetooth: hci9: command tx timeout [ 213.081864][ T6275] chnl_net:caif_netlink_parms(): no params data found [ 213.455923][ T6282] chnl_net:caif_netlink_parms(): no params data found [ 213.527328][ T6279] chnl_net:caif_netlink_parms(): no params data found [ 214.904288][ T5823] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 214.923037][ T5823] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 214.924137][ T5823] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 214.952318][ T5823] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 214.953295][ T5823] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 217.071267][ T5823] Bluetooth: hci10: command tx timeout [ 219.150214][ T5823] Bluetooth: hci10: command tx timeout [ 221.239202][ T6344] Bluetooth: hci10: command tx timeout [ 222.227760][ T6344] Bluetooth: hci1: command 0x0406 tx timeout [ 222.227825][ T6344] Bluetooth: hci2: command 0x0406 tx timeout [ 222.227863][ T6344] Bluetooth: hci3: command 0x0406 tx timeout [ 222.227902][ T6344] Bluetooth: hci4: command 0x0406 tx timeout [ 223.308209][ T6344] Bluetooth: hci10: command tx timeout [ 223.416496][ T6344] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 223.429027][ T6344] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 223.430101][ T6344] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 223.431310][ T6344] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 223.488058][ T6344] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 224.558430][ T59] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 224.560681][ T59] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 224.565825][ T59] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 224.598007][ T59] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 224.598972][ T59] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 225.320112][ T6321] chnl_net:caif_netlink_parms(): no params data found [ 225.833891][ T6356] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 225.853760][ T6356] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 225.854833][ T6356] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 225.874190][ T6356] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 225.875073][ T6356] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 261.069737][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.069821][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 264.259031][ T5130] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 264.283467][ T5130] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 264.298821][ T5130] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 264.300095][ T5130] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 264.300940][ T5130] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 270.004832][ T59] Bluetooth: hci13: command tx timeout [ 270.005140][ T59] Bluetooth: hci12: command tx timeout [ 270.005271][ T59] Bluetooth: hci11: command tx timeout [ 272.085400][ T5130] Bluetooth: hci11: command tx timeout [ 272.085437][ T5130] Bluetooth: hci13: command tx timeout [ 272.088105][ T59] Bluetooth: hci12: command tx timeout [ 274.162723][ T59] Bluetooth: hci12: command tx timeout [ 274.162760][ T59] Bluetooth: hci13: command tx timeout [ 274.162784][ T59] Bluetooth: hci11: command tx timeout [ 275.685818][ T6344] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 275.706836][ T6344] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 275.709904][ T6344] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 275.711192][ T6344] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 275.738221][ T6344] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 276.241588][ T59] Bluetooth: hci11: command tx timeout [ 276.241636][ T59] Bluetooth: hci13: command tx timeout [ 276.241662][ T59] Bluetooth: hci12: command tx timeout [ 286.384808][ T5130] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 286.405080][ T5130] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 286.406582][ T5130] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 286.416541][ T5130] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 286.430231][ T5130] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 286.597980][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 286.614568][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 286.616772][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 286.626847][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 286.646392][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 286.796289][ T59] Bluetooth: hci5: command tx timeout [ 287.031721][ T5819] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 287.066698][ T5819] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 287.068725][ T5819] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 287.070041][ T5819] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 287.071317][ T5819] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 288.875166][ T5819] Bluetooth: hci5: command tx timeout [ 290.954386][ T5819] Bluetooth: hci5: command tx timeout [ 291.720639][ T6344] Bluetooth: hci14: command tx timeout [ 293.033330][ T5819] Bluetooth: hci5: command tx timeout [ 293.761877][ T5819] Bluetooth: hci7: command tx timeout [ 293.764283][ T5819] Bluetooth: hci15: command tx timeout [ 293.764468][ T5819] Bluetooth: hci8: command tx timeout [ 293.764576][ T5819] Bluetooth: hci14: command tx timeout [ 295.595881][ T39] INFO: task syz.1.90:6134 blocked for more than 143 seconds. [ 295.595938][ T39] Not tainted syzkaller #0 [ 295.595951][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 295.595966][ T39] task:syz.1.90 state:D stack:25128 pid:6134 tgid:6134 ppid:5816 task_flags:0x400040 flags:0x00004006 [ 295.596051][ T39] Call Trace: [ 295.596064][ T39] [ 295.596080][ T39] __schedule+0x16f3/0x4c20 [ 295.596160][ T39] ? __lock_acquire+0xab9/0xd20 [ 295.596196][ T39] ? __pfx___schedule+0x10/0x10 [ 295.596249][ T39] ? schedule+0x91/0x360 [ 295.596288][ T39] schedule+0x165/0x360 [ 295.596326][ T39] schedule_timeout+0x9a/0x270 [ 295.596362][ T39] ? __pfx_schedule_timeout+0x10/0x10 [ 295.596409][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.596431][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.596451][ T39] ? wait_for_completion+0x267/0x5d0 [ 295.596490][ T39] wait_for_completion+0x2bf/0x5d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 295.596542][ T39] ? __pfx_wait_for_completion+0x10/0x10 [ 295.596587][ T39] ? __init_swait_queue_head+0xa9/0x150 [ 295.596622][ T39] rcu_barrier+0x463/0x570 [ 295.596661][ T39] netdev_run_todo+0x327/0xea0 [ 295.596690][ T39] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 295.596717][ T39] ? __pfx_netdev_run_todo+0x10/0x10 [ 295.596741][ T39] ? unregister_netdevice_q[ 295.596741][ T39] ? unregister_netdevice_queue+0x33c/0x380 [ 295.596769][ T39] ? __pfx___fsnotify_parent+0x10/0x10 [ 295.596806][ T39] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 295.596838][ T39] ? ppp_release+0x8a/0x1f0 [ 295.596867][ T39] ppp_release+0xf5/0x1f0 [ 295.596891][ T39] ? __pfx_ppp_release+0x10/0x10 [ 295.596922][ T39] __fput+0x45b/0xa80 [ 295.596961][ T39] task_work_run+0x1d4/0x260 [ 295.596990][ T39] ? __pfx_task_work_run+0x10/0x10 [ 295.597022][ T39] ? exit_to_user_mode_loop+0x40/0x110 [ 295.597060][ T39] exit_to_user_mode_loop+0xec/0x110 [ 295.597094][ T39] do_syscall_64+0x2bd/0x3b0 [ 295.597117][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.597139][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.597162][ T39] ? clear_bhb_loop+0x60/0xb0 [ 295.597190][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.597232][ T39] RIP: 0033:0x7fcca659eec9 [ 295.597257][ T39] RSP: 002b:00007ffe0c592348 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 295.597281][ T39] RAX: 0000000000000000 RBX: 000000000001ef86 RCX: 00007fcca659eec9 [ 295.597297][ T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 295.597311][ T39] RBP: 00007fcca67f7da0 R08: 0000000000000001 R09: 000000040c59263f [ 295.597326][ T39] R10: 0000001b2ef20000 R11: 0000000000000246 R12: 00007fcca67f5fac [ 295.597342][ T39] R13: 00007fcca67f5fa0 R14: ffffffffffffffff R15: 00007ffe0c592460 [ 295.597378][ T39] [ 295.597393][ T39] INFO: task syz.4.125:6245 blocked for more than 143 seconds. [ 295.597409][ T39] Not tainted syzkaller #0 [ 295.597420][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 295.597430][ T39] task:syz.4.125 state:D stack:25128 pid:6245 tgid:6245 ppid:5825 task_flags:0x400040 flags:0x00004006 [ 295.597498][ T39] Call Trace: [ 295.597505][ T39] [ 295.597519][ T39] __schedule+0x16f3/0x4c20 [ 295.597584][ T39] ? __pfx___schedule+0x10/0x10 [ 295.597646][ T39] rt_mutex_schedule+0x77/0xf0 [ 295.597670][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 295.597715][ T39] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 295.597750][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 295.597783][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 295.597815][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 295.597858][ T39] ? rcu_barrier+0x4c/0x570 [ 295.597891][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 295.597955][ T39] ? rcu_barrier+0x4c/0x570 [ 295.597978][ T39] mutex_lock_nested+0x16a/0x1d0 [ 295.598007][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 295.598044][ T39] rcu_barrier+0x4c/0x570 [ 295.598082][ T39] kvm_mmu_uninit_vm+0x53/0x90 [ 295.598109][ T39] kvm_arch_destroy_vm+0x23d/0x280 [ 295.598144][ T39] kvm_put_kvm+0xf8e/0x1670 [ 295.598185][ T39] ? __pfx_kvm_vm_release+0x10/0x10 [ 295.598219][ T39] kvm_vm_release+0x46/0x50 [ 295.598250][ T39] __fput+0x45b/0xa80 [ 295.598288][ T39] task_work_run+0x1d4/0x260 [ 295.598316][ T39] ? __pfx_task_work_run+0x10/0x10 [ 295.598347][ T39] ? exit_to_user_mode_loop+0x40/0x110 [ 295.598385][ T39] exit_to_user_mode_loop+0xec/0x110 [ 295.598419][ T39] do_syscall_64+0x2bd/0x3b0 [ 295.598441][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.598463][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.598487][ T39] ? clear_bhb_loop+0x60/0xb0 [ 295.598515][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.598538][ T39] RIP: 0033:0x7f2c5cb3eec9 [ 295.598556][ T39] RSP: 002b:00007ffeea00f528 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 295.598579][ T39] RAX: 0000000000000000 RBX: 00007f2c5cd97da0 RCX: 00007f2c5cb3eec9 [ 295.598594][ T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 295.598608][ T39] RBP: 00007f2c5cd97da0 R08: 00000000000083cc R09: 00000004ea00f81f [ 295.598624][ T39] R10: 00000000005f6ff0 R11: 0000000000000246 R12: 0000000000023fb8 [ 295.598639][ T39] R13: 00007ffeea00f620 R14: ffffffffffffffff R15: 00007ffeea00f640 [ 295.598674][ T39] [ 295.598684][ T39] INFO: task syz.2.126:6250 blocked for more than 143 seconds. [ 295.598697][ T39] Not tainted syzkaller #0 [ 295.598707][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 295.598717][ T39] task:syz.2.126 state:D stack:25128 pid:6250 tgid:6250 ppid:5811 task_flags:0x400040 flags:0x00004006 [ 295.598780][ T39] Call Trace: [ 295.598786][ T39] [ 295.598800][ T39] __schedule+0x16f3/0x4c20 [ 295.598861][ T39] ? __pfx___schedule+0x10/0x10 [ 295.600913][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.600952][ T39] rt_mutex_schedule+0x77/0xf0 [ 295.600978][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 295.601010][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 295.601060][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 295.601094][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 295.601127][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 295.601181][ T39] ? rcu_barrier+0x4c/0x570 [ 295.601216][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 295.601252][ T39] ? rcu_barrier+0x4c/0x570 [ 295.601275][ T39] mutex_lock_nested+0x16a/0x1d0 [ 295.601305][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 295.601341][ T39] rcu_barrier+0x4c/0x570 [ 295.601379][ T39] kvm_mmu_uninit_vm+0x53/0x90 [ 295.601407][ T39] kvm_arch_destroy_vm+0x23d/0x280 [ 295.601441][ T39] kvm_put_kvm+0xf8e/0x1670 [ 295.601483][ T39] ? __pfx_kvm_vm_release+0x10/0x10 [ 295.601517][ T39] kvm_vm_release+0x46/0x50 [ 295.761786][ T39] __fput+0x45b/0xa80 [ 295.761840][ T39] task_work_run+0x1d4/0x260 [ 295.761870][ T39] ? __pfx_task_work_run+0x10/0x10 [ 295.761903][ T39] ? exit_to_user_mode_loop+0x40/0x110 [ 295.761941][ T39] exit_to_user_mode_loop+0xec/0x110 [ 295.761975][ T39] do_syscall_64+0x2bd/0x3b0 [ 295.762000][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.762022][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.762046][ T39] ? clear_bhb_loop+0x60/0xb0 [ 295.762083][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.762106][ T39] RIP: 0033:0x7f8eada0eec9 [ 295.762126][ T39] RSP: 002b:00007ffefe27f5d8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 295.762152][ T39] RAX: 0000000000000000 RBX: 0000000000024071 RCX: 00007f8eada0eec9 [ 295.762168][ T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 295.762182][ T39] RBP: 00007f8eadc67da0 R08: 0000000000000001 R09: 00000004fe27f8cf [ 295.762198][ T39] R10: 0000001b2f020000 R11: 0000000000000246 R12: 00007f8eadc65fac [ 295.762214][ T39] R13: 00007f8eadc65fa0 R14: ffffffffffffffff R15: 00007ffefe27f6f0 [ 295.762250][ T39] [ 295.762298][ T39] [ 295.762298][ T39] Showing all locks held in the system: [ 295.762310][ T39] 4 locks held by pr/legacy/17: [ 295.762327][ T39] 2 locks held by rcuc/1/28: [ 295.762339][ T39] #0: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.762409][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.762471][ T39] 7 locks held by ktimers/1/29: [ 295.762485][ T39] 3 locks held by kworker/u8:2/37: [ 295.762498][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.762560][ T39] #1: ffffc90000ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.762621][ T39] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 295.762679][ T39] 1 lock held by khungtaskd/39: [ 295.762692][ T39] #0: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 295.762753][ T39] 7 locks held by kworker/u8:4/67: [ 295.762770][ T39] 7 locks held by kworker/u8:6/158: [ 295.762783][ T39] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.762845][ T39] #1: ffffc90003a17bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.762909][ T39] #2: ffff88803ad65300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 295.762969][ T39] #3: ffff88805972dd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 295.763023][ T39] #4: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 295.763089][ T39] #5: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.763150][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.763217][ T39] 3 locks held by kworker/u8:7/1149: [ 295.763230][ T39] #0: ffff88802fc31938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.763292][ T39] #1: ffffc90004e37bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.763355][ T39] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 295.763419][ T39] 2 locks held by kworker/u8:8/1349: [ 295.763448][ T39] 2 locks held by getty/5575: [ 295.763461][ T39] #0: ffff88823bf7c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 295.763516][ T39] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 295.763579][ T39] 3 locks held by sshd-session/5799: [ 295.763592][ T39] 6 locks held by syz-executor/5800: [ 295.763614][ T39] 1 lock held by syz.1.90/6134: [ 295.763626][ T39] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 295.763683][ T39] 4 locks held by kworker/1:7/6147: [ 295.763695][ T39] #0: ffff888019499138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.763757][ T39] #1: ffffc90005597bc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.763819][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.763879][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.763941][ T39] 4 locks held by kworker/1:8/6148: [ 295.763953][ T39] #0: ffff88802f489938 ((wq_completion)wg-crypt-wg1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.764020][ T39] #1: ffffc900056c7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.764114][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.764173][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.764236][ T39] 4 locks held by kworker/1:10/6150: [ 295.764249][ T39] #0: ffff888023b8b138 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.764316][ T39] #1: ffffc900056e7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.764398][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.764458][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.764521][ T39] 4 locks held by kworker/1:17/6157: [ 295.764534][ T39] #0: ffff888057535d38 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 295.764595][ T39] #1: ffffc90005767bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 295.764676][ T39] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 295.764736][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 295.764798][ T39] 1 lock held by syz-executor/6239: [ 295.764810][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 295.764862][ T39] 1 lock held by syz.4.125/6245: [ 295.764875][ T39] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 295.764931][ T39] 1 lock held by syz.2.126/6250: [ 295.764944][ T39] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 295.765000][ T39] 1 lock held by syz.3.128/6265: [ 295.765013][ T39] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 295.765070][ T39] 1 lock held by syz-executor/6275: [ 295.765088][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 295.765140][ T39] 1 lock held by syz-executor/6279: [ 295.765153][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 295.765205][ T39] 1 lock held by syz-executor/6282: [ 295.765217][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 295.765269][ T39] 1 lock held by syz.0.144/6318: [ 295.765282][ T39] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 295.765337][ T39] 4 locks held by syz-executor/6321: [ 295.765350][ T39] #0: ffff8880382dce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 295.765412][ T39] #1: ffff8880382dc0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 295.765478][ T39] #2: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 295.765535][ T39] #3: ffff888056db0b58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 295.765595][ T39] 2 locks held by syz-executor/6340: [ 295.765608][ T39] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 295.765672][ T39] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 295.765733][ T39] 2 locks held by syz-executor/6346: [ 295.765746][ T39] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 295.765809][ T39] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 295.765870][ T39] 2 locks held by syz-executor/6351: [ 295.765883][ T39] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 295.765946][ T39] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 295.766006][ T39] 2 locks held by syz-executor/6355: [ 295.766019][ T39] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 295.766090][ T39] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 295.766152][ T39] 1 lock held by syz-executor/6376: [ 295.766165][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 295.766223][ T39] 1 lock held by syz-executor/6382: [ 295.766236][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 295.766294][ T39] 1 lock held by syz-executor/6390: [ 295.766306][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 295.766365][ T39] 1 lock held by syz-executor/6393: [ 295.766378][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 295.766436][ T39] 1 lock held by syz-executor/6396: [ 295.766448][ T39] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 295.766507][ T39] [ 295.766513][ T39] ============================================= [ 295.766513][ T39] [ 295.766540][ T39] NMI backtrace for cpu 0 [ 295.766568][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 295.766615][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.766637][ T39] Call Trace: [ 295.766653][ T39] [ 295.766669][ T39] dump_stack_lvl+0x189/0x250 [ 295.766716][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.766752][ T39] ? __pfx__printk+0x10/0x10 [ 295.766795][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 295.766830][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 295.766865][ T39] ? __pfx__printk+0x10/0x10 [ 295.766899][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 295.766932][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 295.766967][ T39] watchdog+0xf93/0xfe0 [ 295.767003][ T39] ? watchdog+0x1de/0xfe0 [ 295.767040][ T39] kthread+0x711/0x8a0 [ 295.767065][ T39] ? __pfx_watchdog+0x10/0x10 [ 295.767103][ T39] ? __pfx_kthread+0x10/0x10 [ 295.767129][ T39] ? __pfx_kthread+0x10/0x10 [ 295.767152][ T39] ret_from_fork+0x436/0x7d0 [ 295.767187][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 295.767226][ T39] ? __switch_to_asm+0x39/0x70 [ 295.767248][ T39] ? __switch_to_asm+0x33/0x70 [ 295.767270][ T39] ? __pfx_kthread+0x10/0x10 [ 295.767292][ T39] ret_from_fork_asm+0x1a/0x30 [ 295.767333][ T39] [ 295.767342][ T39] Sending NMI from CPU 0 to CPUs 1: [ 295.767371][ C1] NMI backtrace for cpu 1 [ 295.767387][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 295.767420][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.767436][ C1] RIP: 0010:__lock_acquire+0xac1/0xd20 [ 295.767469][ C1] Code: 0b 90 90 90 31 c0 48 8b 3c 24 48 83 78 40 00 0f 84 6a 01 00 00 4c 89 f6 89 ea 4c 89 f9 e8 27 38 00 00 85 c0 0f 84 e4 01 00 00 <41> f6 46 22 10 75 2e 48 8b 1c 24 4c 89 bb 10 0b 00 00 8b 83 18 0b [ 295.767485][ C1] RSP: 0018:ffffc90000a3e288 EFLAGS: 00000002 [ 295.767501][ C1] RAX: 0000000000000001 RBX: 0000000000000007 RCX: 045d24bd00d91900 [ 295.767513][ C1] RDX: 0000000000000000 RSI: ffff88801c2aa9f8 RDI: ffff88801c2a9dc0 [ 295.767526][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81721165 [ 295.767538][ C1] R10: ffffc90000a3e4d8 R11: ffffffff81a94d40 R12: 00000000f167d872 [ 295.767552][ C1] R13: ffff88801c2aa8e0 R14: ffff88801c2aa9f8 R15: 50451732589cf15a [ 295.767566][ C1] FS: 0000000000000000(0000) GS:ffff888127125000(0000) knlGS:0000000000000000 [ 295.767581][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.767593][ C1] CR2: 00005594ef76d218 CR3: 0000000035cd2000 CR4: 00000000003526f0 [ 295.767610][ C1] Call Trace: [ 295.767617][ C1] [ 295.767628][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767655][ C1] lock_acquire+0x120/0x360 [ 295.767681][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767713][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767741][ C1] ? nft_do_chain+0x409/0x1920 [ 295.767761][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767788][ C1] unwind_next_frame+0xc2/0x2390 [ 295.767816][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767853][ C1] ? unwind_next_frame+0xa5/0x2390 [ 295.767881][ C1] ? nft_synproxy_do_eval+0x345/0x570 [ 295.767906][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 295.767928][ C1] arch_stack_walk+0x11c/0x150 [ 295.767947][ C1] ? nft_do_chain+0x409/0x1920 [ 295.767969][ C1] stack_trace_save+0x9c/0xe0 [ 295.767990][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 295.768010][ C1] ? do_raw_spin_lock+0x121/0x290 [ 295.768038][ C1] kasan_save_track+0x3e/0x80 [ 295.768061][ C1] ? kasan_save_track+0x3e/0x80 [ 295.768085][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 295.768108][ C1] ? __kmalloc_cache_noprof+0x1a8/0x320 [ 295.768134][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 295.768152][ C1] ? dst_init+0xd9/0x450 [ 295.768170][ C1] ? dst_alloc+0x12a/0x170 [ 295.768189][ C1] ? ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 295.768212][ C1] ? ip_route_output_key_hash+0x1b9/0x2e0 [ 295.768233][ C1] ? ip_route_output_flow+0x2a/0x150 [ 295.768250][ C1] ? ip_route_me_harder+0x6d2/0x1030 [ 295.768274][ C1] ? synproxy_send_tcp+0x359/0x6c0 [ 295.768289][ C1] ? synproxy_send_client_synack+0x8bb/0xe20 [ 295.768306][ C1] ? nft_synproxy_eval_v4+0x36e/0x560 [ 295.768326][ C1] ? nft_synproxy_do_eval+0x345/0x570 [ 295.768347][ C1] ? nft_do_chain+0x409/0x1920 [ 295.768383][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 295.768401][ C1] __kasan_kmalloc+0x93/0xb0 [ 295.768426][ C1] __kmalloc_cache_noprof+0x1a8/0x320 [ 295.768453][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 295.768472][ C1] ref_tracker_alloc+0x13b/0x450 [ 295.768490][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 295.768514][ C1] ? dst_alloc+0x105/0x170 [ 295.768533][ C1] ? dst_alloc+0x105/0x170 [ 295.768555][ C1] dst_init+0xd9/0x450 [ 295.768576][ C1] dst_alloc+0x12a/0x170 [ 295.768598][ C1] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 295.768625][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 295.768648][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 295.768669][ C1] ? __lock_acquire+0xab9/0xd20 [ 295.768695][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 295.768720][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 295.768747][ C1] ip_route_output_flow+0x2a/0x150 [ 295.768765][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 295.768789][ C1] ip_route_me_harder+0x6d2/0x1030 [ 295.768818][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 295.768861][ C1] synproxy_send_tcp+0x359/0x6c0 [ 295.768881][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 295.768906][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 295.768923][ C1] ? nft_fib_netdev_eval+0x68/0x250 [ 295.768942][ C1] ? synproxy_pernet+0x45/0x270 [ 295.768966][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 295.768991][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 295.769014][ C1] ? nf_ip_checksum+0x13c/0x510 [ 295.769037][ C1] nft_synproxy_do_eval+0x345/0x570 [ 295.769062][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 295.769085][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 295.769116][ C1] nft_do_chain+0x409/0x1920 [ 295.769144][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 295.769182][ C1] nft_do_chain_inet+0x25d/0x340 [ 295.769202][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 295.769223][ C1] ? __lock_acquire+0xab9/0xd20 [ 295.769254][ C1] ? NF_HOOK+0x9a/0x3a0 [ 295.769281][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 295.769302][ C1] nf_hook_slow+0xc2/0x220 [ 295.769333][ C1] NF_HOOK+0x206/0x3a0 [ 295.769361][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 295.769389][ C1] ? NF_HOOK+0x9a/0x3a0 [ 295.769415][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 295.769441][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 295.769470][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 295.769500][ C1] ? skb_dst+0x4f/0xd0 [ 295.769526][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 295.769555][ C1] NF_HOOK+0x30c/0x3a0 [ 295.769582][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 295.769609][ C1] ? NF_HOOK+0x9a/0x3a0 [ 295.769635][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 295.769663][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 295.769696][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 295.769722][ C1] __netif_receive_skb+0x143/0x380 [ 295.769746][ C1] ? rt_spin_unlock+0x65/0x80 [ 295.769772][ C1] ? process_backlog+0x27b/0x900 [ 295.769797][ C1] process_backlog+0x31e/0x900 [ 295.769838][ C1] __napi_poll+0xb6/0x540 [ 295.769864][ C1] net_rx_action+0x707/0xe00 [ 295.769889][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.769914][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 295.769958][ C1] handle_softirqs+0x22f/0x710 [ 295.769985][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 295.770014][ C1] run_ktimerd+0xcf/0x190 [ 295.770040][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 295.770066][ C1] ? schedule+0x91/0x360 [ 295.770103][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 295.770127][ C1] smpboot_thread_fn+0x542/0xa60 [ 295.770153][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 295.770181][ C1] kthread+0x711/0x8a0 [ 295.770199][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 295.770223][ C1] ? __pfx_kthread+0x10/0x10 [ 295.770242][ C1] ? __pfx_kthread+0x10/0x10 [ 295.770258][ C1] ret_from_fork+0x436/0x7d0 [ 295.770284][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 295.770312][ C1] ? __switch_to_asm+0x39/0x70 [ 295.770330][ C1] ? __switch_to_asm+0x33/0x70 [ 295.770348][ C1] ? __pfx_kthread+0x10/0x10 [ 295.770365][ C1] ret_from_fork_asm+0x1a/0x30 [ 295.770391][ C1] [ 295.771369][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 295.771393][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 295.771419][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 295.771432][ T39] Call Trace: [ 295.771440][ T39] [ 295.771449][ T39] dump_stack_lvl+0x99/0x250 [ 295.771490][ T39] ? __asan_memcpy+0x40/0x70 [ 295.771513][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.771549][ T39] ? __pfx__printk+0x10/0x10 [ 295.771592][ T39] vpanic+0x281/0x750 [ 295.771618][ T39] ? __pfx_vpanic+0x10/0x10 [ 295.771639][ T39] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 295.771664][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.771697][ T39] panic+0xb9/0xc0 [ 295.771720][ T39] ? __pfx_panic+0x10/0x10 [ 295.771746][ T39] ? irq_work_queue+0xc3/0x140 [ 295.771782][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 295.771817][ T39] watchdog+0xfd2/0xfe0 [ 295.771854][ T39] ? watchdog+0x1de/0xfe0 [ 295.771891][ T39] kthread+0x711/0x8a0 [ 295.771916][ T39] ? __pfx_watchdog+0x10/0x10 [ 295.771947][ T39] ? __pfx_kthread+0x10/0x10 [ 295.771973][ T39] ? __pfx_kthread+0x10/0x10 [ 295.771996][ T39] ret_from_fork+0x436/0x7d0 [ 295.772031][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 295.772077][ T39] ? __switch_to_asm+0x39/0x70 [ 295.772100][ T39] ? __switch_to_asm+0x33/0x70 [ 295.772123][ T39] ? __pfx_kthread+0x10/0x10 [ 295.772145][ T39] ret_from_fork_asm+0x1a/0x30 [ 295.772187][ T39] [ 295.772493][ T39] Kernel Offset: disabled