last executing test programs: 2m17.996442935s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 1m59.593399594s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 1m41.839570259s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 1m19.870917555s ago: executing program 4 (id=8656): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000d40)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d0842835e81c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b2f113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000000ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55a8a89b60317cd78ea1dc8e0f77f2c1e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b4492510134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498dedf0f87c38bbcab7357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2002045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f6b43ec83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea5919ffff72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff153d20f3681f7a3a31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x3, &(0x7f0000000700)=@framed, &(0x7f0000000740)='syzkaller\x00', 0x7, 0xc, &(0x7f0000000780)=""/12, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 1m19.558078691s ago: executing program 4 (id=8659): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2}, 0x10) socket$l2tp6(0x2, 0x2, 0x73) 1m19.15827894s ago: executing program 4 (id=8663): timer_create(0x0, 0x0, &(0x7f0000000180)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0xb4, &(0x7f00000001c0)=""/180, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='hrtimer_init\x00', r0}, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 1m18.530625591s ago: executing program 4 (id=8667): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000500)="4800000014001d0d09074beafd0d8c560284606088ffe0064e204e20590100a2bc5603ca0007000020008d42188fed439693b948e142ff0000000309ff5bb9d580f6213c2cbfdff2", 0x48}], 0x1) 1m6.792682797s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 51.540189891s ago: executing program 4 (id=8667): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000500)="4800000014001d0d09074beafd0d8c560284606088ffe0064e204e20590100a2bc5603ca0007000020008d42188fed439693b948e142ff0000000309ff5bb9d580f6213c2cbfdff2", 0x48}], 0x1) 37.728569873s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 29.913467296s ago: executing program 3 (id=8856): r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) renameat2(r1, &(0x7f0000000480)='./bus\x00', r1, &(0x7f0000000280)='./file0\x00', 0x0) unlinkat(r1, &(0x7f0000000040)='./file0\x00', 0x0) 29.602017413s ago: executing program 3 (id=8859): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000480)={'security\x00', 0x0, [0x0, 0x0, 0x4, 0x7]}, &(0x7f0000000040)=0x54) 27.035224699s ago: executing program 3 (id=8870): getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x9) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10) 25.547521236s ago: executing program 3 (id=8876): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000000a2c000000060a00000000000000000000000000001800048014000180090001006d6173710000000004"], 0x54}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000014001a80100004800c000a8008"], 0x34}}, 0x0) 25.23605766s ago: executing program 3 (id=8878): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000000)=""/74, 0x32a000, 0x800}, 0x20) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) 24.303539172s ago: executing program 3 (id=8883): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300"/3601], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rcu_utilization\x00', r1}, 0x10) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x302, 0x0) 20.543833891s ago: executing program 4 (id=8667): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000500)="4800000014001d0d09074beafd0d8c560284606088ffe0064e204e20590100a2bc5603ca0007000020008d42188fed439693b948e142ff0000000309ff5bb9d580f6213c2cbfdff2", 0x48}], 0x1) 17.586780736s ago: executing program 2 (id=7719): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x3, 0x4) 5.681589999s ago: executing program 0 (id=8959): creat(&(0x7f0000000280)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 5.402394009s ago: executing program 1 (id=8961): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000004c0)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff02000000000000000000000000000100000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003"], 0x210) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0) 5.014102107s ago: executing program 1 (id=8962): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x6, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x1000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c250000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000061126c000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 4.804745675s ago: executing program 1 (id=8963): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000f80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x26a, @tick=0xaa1414ac, 0x0, {}, 0x0, 0x0, 0x1}) 4.712962905s ago: executing program 0 (id=8964): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010000a000090400000103010100092100080001220100090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2, 0x10, 0x3c, 0xd6, 0x8, 0x6, 0xff7f}}}, 0x0) 4.608613965s ago: executing program 1 (id=8965): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x900, 0x0, 0x1c, {[@window={0xe, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 3.710844614s ago: executing program 1 (id=8966): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, 0x0) 2.871619169s ago: executing program 0 (id=8967): preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000240)=""/11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x8000}}, 0x120) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) write$UHID_INPUT2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0c000000a9"], 0xaf) 1.085778787s ago: executing program 1 (id=8968): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000180)={0x0, 0x80e, 0x0, 0x0}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 716.865246ms ago: executing program 0 (id=8969): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)="672d6a44b036", 0x0, 0x0, 0x0, 0x0, 0x0}) write$tun(r1, &(0x7f0000000400)=ANY=[], 0xa2) readv(r1, &(0x7f0000003680)=[{&(0x7f0000001500)=""/215, 0xd7}], 0x3f) 404.96087ms ago: executing program 0 (id=8970): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000040)='P', 0x1}], 0x1}}, {{&(0x7f0000000100)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000002400)=[{&(0x7f0000000140)='i', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1af3050000f2bd5b", 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000380)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, 0x84) 0s ago: executing program 0 (id=8971): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): vsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 841.729392][ T9] usb 2-1: config 0 has an invalid interface number: 138 but max is 0 [ 841.764047][ T9] usb 2-1: config 0 has no interface number 0 [ 841.776860][ T9] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 841.806640][ T9] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 841.847095][ T9] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 841.884847][ T9] usb 2-1: config 0 interface 138 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 841.939924][ T9] usb 2-1: New USB device found, idVendor=1b3d, idProduct=01f0, bcdDevice=6d.75 [ 841.977584][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.985652][ T9] usb 2-1: Product: syz [ 842.013644][T14350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.016672][ T9] usb 2-1: Manufacturer: syz [ 842.056781][ T9] usb 2-1: SerialNumber: syz [ 842.087458][ T9] usb 2-1: config 0 descriptor?? [ 842.126073][ T9] ftdi_sio 2-1:0.138: FTDI USB Serial Device converter detected [ 842.145110][ T9] ftdi_sio ttyUSB0: unknown device type: 0x6d75 [ 842.181087][T14350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.311479][T14350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 842.371022][ T9] usb 2-1: USB disconnect, device number 85 [ 842.379895][ T9] ftdi_sio 2-1:0.138: device disconnected [ 842.563313][T14350] bridge_slave_1: left allmulticast mode [ 842.572600][T14350] bridge_slave_1: left promiscuous mode [ 842.579129][T14350] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.598591][T14350] bridge_slave_0: left allmulticast mode [ 842.604470][T14350] bridge_slave_0: left promiscuous mode [ 842.620199][T14350] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.237629][ T5332] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 843.366821][ T25] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 843.378658][T21981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 843.391663][T21981] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 843.406773][T21981] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 843.421771][T21981] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 843.439829][ T5332] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4 [ 843.450082][T21981] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 843.457630][ T5332] usb 1-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0 [ 843.465945][T21981] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 843.473409][ T5332] usb 1-1: Manufacturer: syz [ 843.481485][ T5332] usb 1-1: config 0 descriptor?? [ 843.573577][ T25] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 843.618242][ T25] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 843.632382][ T25] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 843.642668][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 843.674053][T29070] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 843.687519][ T25] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 843.909039][ T5332] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 844.045723][ T25] usb 2-1: USB disconnect, device number 86 [ 844.310830][ T5332] gs_usb 1-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 844.311980][T14350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 844.321658][ T5332] gs_usb 1-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 844.352473][ T5332] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 844.357960][T14350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 844.396962][ T5332] usb 1-1: USB disconnect, device number 67 [ 844.402751][T14350] bond0 (unregistering): Released all slaves [ 844.454443][T29071] bridge0: port 2(bridge_slave_1) entered disabled state [ 844.462390][T29071] bridge0: port 1(bridge_slave_0) entered disabled state [ 844.809215][T29123] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 844.830582][T29123] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 845.017436][ T29] audit: type=1400 audit(1725999159.538:541): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=29139 comm="syz.1.8479" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 845.069353][ T25] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 845.085744][ T29] audit: type=1400 audit(1725999159.568:542): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=29139 comm="syz.1.8479" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 845.241819][ T29] audit: type=1400 audit(1725999159.768:543): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=29157 comm="syz.1.8482" daddr=ff01::1 [ 845.286996][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 845.303504][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 845.324786][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 845.347653][ T25] usb 4-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 845.421626][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.467825][ T25] usb 4-1: config 0 descriptor?? [ 845.516027][ T25] usbhid 4-1:0.0: can't add hid device: -22 [ 845.536948][ T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -22 [ 845.545264][T29172] netlink: 'syz.1.8484': attribute type 19 has an invalid length. [ 845.559264][T14350] hsr_slave_0: left promiscuous mode [ 845.595839][T14350] hsr_slave_1: left promiscuous mode [ 845.616751][T21981] Bluetooth: hci1: command tx timeout [ 845.657706][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 845.665294][T14350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 845.687030][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 845.704949][ T29] audit: type=1326 audit(1725999160.228:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 845.726983][T14350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 845.775769][ T29] audit: type=1326 audit(1725999160.228:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 845.835636][ T29] audit: type=1326 audit(1725999160.238:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 845.872827][T14350] veth1_macvtap: left promiscuous mode [ 845.903065][ T29] audit: type=1326 audit(1725999160.238:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 845.907618][T14350] veth0_macvtap: left promiscuous mode [ 845.966810][ T29] audit: type=1326 audit(1725999160.238:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 845.976758][T14350] veth1_vlan: left promiscuous mode [ 846.017476][ T9] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 846.036802][T14350] veth0_vlan: left promiscuous mode [ 846.043342][ T29] audit: type=1326 audit(1725999160.238:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 846.108599][ T29] audit: type=1326 audit(1725999160.238:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29175 comm="syz.4.8485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 846.197310][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 846.208834][ T9] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=66.3d [ 846.236723][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 846.261906][ T9] usb 2-1: config 0 descriptor?? [ 846.287344][ T9] cx82310_eth 2-1:0.0: probe with driver cx82310_eth failed with error -22 [ 846.298394][ T9] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 846.741709][ T47] usb 4-1: USB disconnect, device number 74 [ 847.030766][T29203] smk_cipso_doi:695 remove rc = -2 [ 847.686597][T21981] Bluetooth: hci1: command tx timeout [ 848.091627][T29213] vivid-001: disconnect [ 848.127345][T29212] vivid-001: reconnect [ 848.276932][T14350] team0 (unregistering): Port device team_slave_1 removed [ 848.500486][T14350] team0 (unregistering): Port device team_slave_0 removed [ 849.767145][T21981] Bluetooth: hci1: command tx timeout [ 849.862840][ T5332] usb 2-1: USB disconnect, device number 87 [ 850.018657][T29241] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8500'. [ 850.325899][T29075] chnl_net:caif_netlink_parms(): no params data found [ 851.024989][T29075] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.025318][ T5332] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 851.047835][T29075] bridge0: port 1(bridge_slave_0) entered disabled state [ 851.078096][T29075] bridge_slave_0: entered allmulticast mode [ 851.096137][T29075] bridge_slave_0: entered promiscuous mode [ 851.124976][T29408] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 851.223448][T29075] bridge0: port 2(bridge_slave_1) entered blocking state [ 851.236725][T29075] bridge0: port 2(bridge_slave_1) entered disabled state [ 851.247261][ T5332] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 851.263453][T29075] bridge_slave_1: entered allmulticast mode [ 851.279091][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.288824][T29075] bridge_slave_1: entered promiscuous mode [ 851.296564][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.317367][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.357632][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.373019][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.403643][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.435908][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.468759][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.481061][T29075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 851.485599][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.512719][T29075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 851.546176][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.576582][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.609867][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.638609][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.658693][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.695132][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.720865][T29075] team0: Port device team_slave_0 added [ 851.731372][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.750968][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.765999][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.768424][T29075] team0: Port device team_slave_1 added [ 851.783854][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.807674][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.844929][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.861530][T21981] Bluetooth: hci1: command tx timeout [ 851.878248][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.906808][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.918025][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.927197][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 851.937144][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 851.956595][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 851.966410][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 851.990217][ T5332] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 852.006631][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 852.035976][ T5332] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 852.048166][T29075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 852.050342][ T5332] usb 4-1: config 0 interface 0 has no altsetting 0 [ 852.083284][T29075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 852.085842][ T5332] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 852.163989][T29075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 852.166610][ T5332] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 852.233642][ T5332] usb 4-1: Product: syz [ 852.247699][ T5332] usb 4-1: Manufacturer: syz [ 852.248268][T29075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 852.270236][ T5332] usb 4-1: SerialNumber: syz [ 852.279103][ T5332] usb 4-1: config 0 descriptor?? [ 852.287487][T29075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 852.300221][ T5332] yurex 4-1:0.0: Could not submitting URB [ 852.351764][ T5332] yurex 4-1:0.0: probe with driver yurex failed with error -5 [ 852.363897][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 852.363922][ T29] audit: type=1400 audit(1725999166.888:554): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=29495 comm="syz.0.8515" daddr=::1c9a:e7ff:fe9a:6f34 [ 852.416624][T29075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 852.440716][ T29] audit: type=1400 audit(1725999166.888:555): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=29495 comm="syz.0.8515" daddr=2001::1 [ 852.643202][T29075] hsr_slave_0: entered promiscuous mode [ 852.687914][ T5228] usb 4-1: USB disconnect, device number 75 [ 852.698637][T29075] hsr_slave_1: entered promiscuous mode [ 852.718045][T29075] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 852.725692][T29075] Cannot create hsr debugfs directory [ 852.920817][T29560] sctp: [Deprecated]: syz.1.8519 (pid 29560) Use of int in maxseg socket option. [ 852.920817][T29560] Use struct sctp_assoc_value instead [ 853.332450][T29619] netlink: 168 bytes leftover after parsing attributes in process `syz.4.8523'. [ 853.357758][T29619] netlink: 'syz.4.8523': attribute type 2 has an invalid length. [ 853.379204][T29619] netlink: 60 bytes leftover after parsing attributes in process `syz.4.8523'. [ 853.540590][T29626] netlink: 'syz.1.8526': attribute type 10 has an invalid length. [ 853.583894][T29626] syz_tun: entered promiscuous mode [ 853.653501][T29626] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 854.039439][T29654] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8532'. [ 854.052627][ T29] audit: type=1326 audit(1725999168.578:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29657 comm="syz.4.8533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 854.129707][ T29] audit: type=1326 audit(1725999168.608:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29657 comm="syz.4.8533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 854.226607][ T29] audit: type=1326 audit(1725999168.608:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29657 comm="syz.4.8533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 854.248263][ C0] vkms_vblank_simulate: vblank timer overrun [ 854.283157][ T29] audit: type=1326 audit(1725999168.608:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29657 comm="syz.4.8533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3e5d7def9 code=0x7ffc0000 [ 854.297149][T29075] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 854.328259][T29668] Bluetooth: hci4: Opcode 0x0c20 failed: -22 [ 854.389510][T29075] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 854.461456][T29075] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 854.484466][ T29] audit: type=1400 audit(1725999169.008:560): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=29677 comm="syz.3.8538" daddr=fc02:: [ 854.518430][T29075] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 854.743256][T29684] Bluetooth: hci3: unsupported parameter 65535 [ 854.779094][T29684] Bluetooth: hci3: invalid length 1, exp 2 for type 16 [ 854.861991][T29075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 854.935490][T29075] 8021q: adding VLAN 0 to HW filter on device team0 [ 854.986985][ T963] bridge0: port 1(bridge_slave_0) entered blocking state [ 854.994330][ T963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 855.042369][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 855.049625][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 855.408918][ T47] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 855.642697][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 855.668368][ T47] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 855.675568][T29075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 855.676414][ T47] usb 4-1: config 0 has no interface number 0 [ 855.692167][ T47] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 855.732749][ T47] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 855.769474][ T47] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 855.795405][ T47] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 855.824111][ T47] usb 4-1: Product: syz [ 855.834653][ T47] usb 4-1: SerialNumber: syz [ 855.845860][ T47] usb 4-1: config 0 descriptor?? [ 855.859082][ T47] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 855.864663][T29075] veth0_vlan: entered promiscuous mode [ 855.878036][ T47] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input109 [ 855.933902][T29075] veth1_vlan: entered promiscuous mode [ 856.029625][T29075] veth0_macvtap: entered promiscuous mode [ 856.053199][T29075] veth1_macvtap: entered promiscuous mode [ 856.102663][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.127543][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.150221][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.165115][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 856.165629][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.197399][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.216256][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.236105][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 856.257768][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.278698][T29075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 856.318931][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.343976][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.364596][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.376379][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.376409][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.398024][ T9] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 856.411824][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.411862][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.411882][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.411903][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.411920][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.411940][T29075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 856.411957][T29075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 856.413956][T29075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 856.417067][T21981] Bluetooth: hci4: command tx timeout [ 856.442710][T29075] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 856.442755][T29075] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 856.442796][T29075] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 856.442829][T29075] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 856.617891][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 856.625595][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 856.625655][ T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 856.625685][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.629370][ T9] usb 5-1: config 0 descriptor?? [ 856.656244][ T9] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input110 [ 856.737007][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 856.737087][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 856.880611][T23909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 856.880641][T23909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 857.091089][ T4659] bcm5974 5-1:0.0: could not read from device [ 857.137403][ T9] usb 5-1: USB disconnect, device number 66 [ 857.210551][ T4659] bcm5974 5-1:0.0: could not read from device [ 857.234743][ T4659] bcm5974 5-1:0.0: could not read from device [ 857.364321][ T29] audit: type=1400 audit(1725999171.888:561): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=29772 comm="syz.0.8560" daddr=fe80::aa dest=20002 netif=wpan0 [ 857.394679][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.402434][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.409863][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.419252][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.429313][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.436551][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.443750][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.450946][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.458307][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.465527][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 857.475163][ T25] usb 4-1: USB disconnect, device number 76 [ 857.481150][ C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 857.491246][T29771] netlink: 'syz.1.8559': attribute type 4 has an invalid length. [ 857.505826][T29771] netlink: 17 bytes leftover after parsing attributes in process `syz.1.8559'. [ 857.526788][ T25] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 859.455311][T14350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.582552][T14350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.597810][T29830] netlink: 5300 bytes leftover after parsing attributes in process `syz.1.8573'. [ 860.638051][T29830] openvswitch: netlink: IP tunnel dst address not specified [ 860.832786][ T29] audit: type=1400 audit(1725999175.358:562): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=29838 comm="syz.1.8577" daddr=fe80:: [ 860.939588][T14350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 860.996894][T26681] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 861.208089][T26681] usb 5-1: Using ep0 maxpacket: 8 [ 861.229668][T14350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 861.244368][T26681] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 861.287223][T26681] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 861.324089][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 861.329291][T26681] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 861.342040][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 861.367094][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 861.378354][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 861.386366][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 861.395537][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 861.404321][T26681] usb 5-1: config 0 descriptor?? [ 861.480471][T29855] block nbd3: shutting down sockets [ 861.703231][T26681] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 861.994420][T14350] bridge_slave_1: left allmulticast mode [ 862.004038][T14350] bridge_slave_1: left promiscuous mode [ 862.017869][T14350] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.097710][T14350] bridge_slave_0: left allmulticast mode [ 862.103447][T14350] bridge_slave_0: left promiscuous mode [ 862.107923][T26681] usb 5-1: USB disconnect, device number 67 [ 862.132351][T14350] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.137706][T26681] iowarrior 5-1:0.0: I/O-Warror #0 now disconnected [ 862.407288][T18996] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 862.618865][T18996] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 862.645630][T18996] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 862.676254][T18996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 862.718722][T18996] usb 2-1: config 0 descriptor?? [ 863.147853][T18996] keytouch 0003:0926:3333.008D: fixing up Keytouch IEC report descriptor [ 863.201875][T18996] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.008D/input/input111 [ 863.347851][T29978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 863.383276][T29978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 863.466927][ T55] Bluetooth: hci1: command tx timeout [ 863.510466][T18996] keytouch 0003:0926:3333.008D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 863.761859][T14350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 863.785010][ T5228] usb 2-1: USB disconnect, device number 88 [ 863.830825][T14350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 863.873142][T14350] bond0 (unregistering): Released all slaves [ 863.949335][T29847] chnl_net:caif_netlink_parms(): no params data found [ 864.335275][ T29] audit: type=1400 audit(1725999178.838:563): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=30065 comm="syz.4.8589" daddr=::ffff:0.0.0.0 dest=20000 [ 864.421703][ T29] audit: type=1400 audit(1725999178.918:564): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=30069 comm="syz.4.8592" daddr=ff01::1 [ 864.508421][ T29] audit: type=1400 audit(1725999178.918:565): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=30069 comm="syz.4.8592" daddr=fe80::bb dest=20004 [ 864.646661][T30106] netlink: 144316 bytes leftover after parsing attributes in process `syz.4.8593'. [ 864.712650][T30110] loop2: detected capacity change from 0 to 7 [ 864.754357][T30110] Dev loop2: unable to read RDB block 7 [ 864.765317][T30110] loop2: AHDI p1 p2 [ 864.776261][T30110] loop2: partition table partially beyond EOD, truncated [ 864.798812][T30106] netlink: 'syz.4.8593': attribute type 2 has an invalid length. [ 864.802769][T30110] loop2: p1 start 3496449972 is beyond EOD, truncated [ 864.869195][T30106] tipc: Started in network mode [ 864.894528][T30106] tipc: Node identity a, cluster identity 4711 [ 864.952194][T30106] tipc: Node number set to 10 [ 865.143121][T29847] bridge0: port 1(bridge_slave_0) entered blocking state [ 865.164347][T29847] bridge0: port 1(bridge_slave_0) entered disabled state [ 865.176804][T30124] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 865.183799][T29847] bridge_slave_0: entered allmulticast mode [ 865.208390][T29847] bridge_slave_0: entered promiscuous mode [ 865.227841][T29847] bridge0: port 2(bridge_slave_1) entered blocking state [ 865.235057][T29847] bridge0: port 2(bridge_slave_1) entered disabled state [ 865.270131][T29847] bridge_slave_1: entered allmulticast mode [ 865.288075][T29847] bridge_slave_1: entered promiscuous mode [ 865.453858][T14350] hsr_slave_0: left promiscuous mode [ 865.468724][T14350] hsr_slave_1: left promiscuous mode [ 865.475197][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 865.495165][T14350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 865.508532][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 865.516056][T14350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 865.532662][ T55] Bluetooth: hci1: command tx timeout [ 865.631366][T14350] veth1_macvtap: left promiscuous mode [ 865.676845][T14350] veth0_macvtap: left promiscuous mode [ 865.682583][T14350] veth1_vlan: left promiscuous mode [ 865.716680][T14350] veth0_vlan: left promiscuous mode [ 865.847740][ T5333] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 866.067742][ T5333] usb 2-1: Using ep0 maxpacket: 32 [ 866.105459][ T5333] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 866.128983][ T5333] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 866.176001][ T5333] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 866.186903][ T5333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 866.203538][ T5333] usb 2-1: config 0 descriptor?? [ 866.214075][T30136] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 866.242294][ T5333] hub 2-1:0.0: USB hub found [ 866.465662][ T5333] hub 2-1:0.0: 2 ports detected [ 866.888243][ T5333] hub 2-1:0.0: set hub depth failed [ 866.911911][ T5333] usb 2-1: USB disconnect, device number 89 [ 867.619917][ T55] Bluetooth: hci1: command tx timeout [ 867.877030][T14350] team0 (unregistering): Port device team_slave_1 removed [ 868.200928][T14350] team0 (unregistering): Port device team_slave_0 removed [ 868.538146][T21981] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 868.566594][T21981] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 868.587537][T21981] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 868.599226][T21981] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 868.638012][T21981] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 868.667935][T21981] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 869.687577][ T55] Bluetooth: hci1: command tx timeout [ 869.906672][ T5309] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 870.120990][ T5309] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 870.146188][ T5309] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 870.172157][ T5309] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 870.194725][ T5309] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 870.212145][ T5309] usb 2-1: Product: syz [ 870.216376][ T5309] usb 2-1: Manufacturer: syz [ 870.242593][ T5309] usb 2-1: SerialNumber: syz [ 870.273525][ T5309] usb 2-1: config 0 descriptor?? [ 870.290981][T29847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 870.321257][T29847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 870.409458][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.520177][ T5309] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 870.582533][ T5309] usb 2-1: USB disconnect, device number 90 [ 870.786127][T29847] team0: Port device team_slave_0 added [ 870.811950][ T55] Bluetooth: hci5: command tx timeout [ 870.910068][T29847] team0: Port device team_slave_1 added [ 871.079333][T29847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 871.103566][T29847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 871.141202][T29847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 871.186336][T29847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 871.204082][T29847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 871.234114][T29847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 871.515714][T29847] hsr_slave_0: entered promiscuous mode [ 871.557030][T29847] hsr_slave_1: entered promiscuous mode [ 871.563668][T29847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 871.596738][T29847] Cannot create hsr debugfs directory [ 871.626999][T30359] team0: Device vlan2 is already an upper device of the team interface [ 872.183565][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.442410][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.517137][T26681] usb 4-1: new full-speed USB device number 77 using dummy_hcd [ 872.660159][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 872.679919][T30170] chnl_net:caif_netlink_parms(): no params data found [ 872.708046][T26681] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 872.721020][T26681] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 872.768138][T26681] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 872.786991][T26681] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 872.837471][T26681] usb 4-1: SerialNumber: syz [ 872.859687][T30440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 872.869083][T30440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 872.886684][ T55] Bluetooth: hci5: command tx timeout [ 872.899944][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 873.100818][T30440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 873.116940][T30440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 873.152912][ T29] audit: type=1400 audit(1725999187.678:566): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=30519 comm="syz.1.8627" dest=2 [ 873.328282][T30537] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8628'. [ 873.745237][T26681] cdc_ether 4-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.3-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 873.795569][T26681] usb 4-1: USB disconnect, device number 77 [ 873.820147][T30170] bridge0: port 1(bridge_slave_0) entered blocking state [ 873.829269][T26681] cdc_ether 4-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.3-1, Mobile Broadband Network Device [ 873.837256][T30170] bridge0: port 1(bridge_slave_0) entered disabled state [ 873.874693][T30170] bridge_slave_0: entered allmulticast mode [ 873.896159][T30170] bridge_slave_0: entered promiscuous mode [ 873.915128][T30170] bridge0: port 2(bridge_slave_1) entered blocking state [ 873.935168][T30170] bridge0: port 2(bridge_slave_1) entered disabled state [ 873.942854][T30170] bridge_slave_1: entered allmulticast mode [ 873.962944][T30170] bridge_slave_1: entered promiscuous mode [ 874.365633][T30170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 874.400383][T30170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 874.445011][ T53] bridge_slave_1: left allmulticast mode [ 874.451268][ T53] bridge_slave_1: left promiscuous mode [ 874.469926][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 874.493022][ T53] bridge_slave_0: left allmulticast mode [ 874.504992][ T53] bridge_slave_0: left promiscuous mode [ 874.514890][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 874.970098][ T55] Bluetooth: hci5: command tx timeout [ 875.642677][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 875.672233][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 875.693151][ T53] bond0 (unregistering): Released all slaves [ 875.971650][T30689] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 876.046639][T30170] team0: Port device team_slave_0 added [ 876.109244][T30170] team0: Port device team_slave_1 added [ 876.459873][T30170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 876.473800][T30170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.554569][T30170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 876.580639][T30170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 876.598457][T30170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 876.642574][T30170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 877.046601][ T55] Bluetooth: hci5: command tx timeout [ 877.124304][T29847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 877.159026][ T53] hsr_slave_0: left promiscuous mode [ 877.176759][ T53] hsr_slave_1: left promiscuous mode [ 877.182969][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 877.196539][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 877.208655][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 877.226634][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 877.284072][ T53] veth1_macvtap: left promiscuous mode [ 877.296665][ T53] veth0_macvtap: left promiscuous mode [ 877.302594][ T53] veth1_vlan: left promiscuous mode [ 877.308996][ T53] veth0_vlan: left promiscuous mode [ 877.416866][ T5332] usb 2-1: new low-speed USB device number 91 using dummy_hcd [ 877.638697][ T5332] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 877.654257][ T5332] usb 2-1: config 0 has no interface number 0 [ 877.666564][ T5332] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 877.706512][ T5332] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 877.715696][ T5332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 877.739920][ T5332] usb 2-1: config 0 descriptor?? [ 877.755121][ T5332] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 877.992009][ T5332] usb 2-1: USB disconnect, device number 91 [ 878.009087][ T5332] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 878.737933][ T53] team0 (unregistering): Port device team_slave_1 removed [ 878.918839][ T53] team0 (unregistering): Port device team_slave_0 removed [ 880.305759][T30170] hsr_slave_0: entered promiscuous mode [ 880.316380][T30170] hsr_slave_1: entered promiscuous mode [ 880.333623][T30170] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 880.346589][T30170] Cannot create hsr debugfs directory [ 880.368944][T29847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 880.400262][T30826] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8650'. [ 880.591941][T29847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 880.625261][T30855] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8652'. [ 880.670250][T30855] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 880.888409][T29847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 881.494481][T30916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8657'. [ 881.516673][T30916] netlink: 'syz.3.8657': attribute type 2 has an invalid length. [ 881.833671][T29847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 882.056032][T29847] 8021q: adding VLAN 0 to HW filter on device team0 [ 882.125927][T23901] bridge0: port 1(bridge_slave_0) entered blocking state [ 882.133202][T23901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 882.390157][ T963] bridge0: port 2(bridge_slave_1) entered blocking state [ 882.397416][ T963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 882.668250][T23901] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 882.686561][ T5309] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 882.835366][T29847] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 882.866871][T29847] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 882.906665][ T5309] usb 2-1: Using ep0 maxpacket: 8 [ 882.920272][ T5309] usb 2-1: New USB device found, idVendor=054c, idProduct=0069, bcdDevice= a.8d [ 882.946820][ T5309] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 882.986607][ T5309] usb 2-1: config 0 descriptor?? [ 883.008854][ T5309] usb-storage 2-1:0.0: USB Mass Storage device detected [ 883.053570][T23901] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.092750][ T5309] usb-storage 2-1:0.0: Quirks match for vid 054c pid 0069: 1 [ 883.245764][ T5309] usb 2-1: USB disconnect, device number 92 [ 883.299404][T30989] random: crng reseeded on system resumption [ 883.411969][T23901] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.598502][T23901] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 883.705728][T30170] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 883.774302][T30170] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 883.843413][T30170] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 883.869354][T30170] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 883.902691][T29847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 884.275540][T23901] bridge_slave_1: left allmulticast mode [ 884.284770][T23901] bridge_slave_1: left promiscuous mode [ 884.300115][T23901] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.367809][T23901] bridge_slave_0: left allmulticast mode [ 884.398407][T23901] bridge_slave_0: left promiscuous mode [ 884.404200][T23901] bridge0: port 1(bridge_slave_0) entered disabled state [ 885.437838][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 885.732861][T21981] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 885.746237][T21981] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 885.776174][T21981] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 885.789905][T21981] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 885.798251][T21981] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 885.805759][T21981] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 886.164766][T23901] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 886.180890][T23901] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 886.196705][T23901] bond0 (unregistering): Released all slaves [ 886.336059][T23901] tipc: Left network mode [ 886.459549][T29847] veth0_vlan: entered promiscuous mode [ 886.614828][T31045] sctp: [Deprecated]: syz.1.8674 (pid 31045) Use of struct sctp_assoc_value in delayed_ack socket option. [ 886.614828][T31045] Use struct sctp_sack_info instead [ 886.844611][T29847] veth1_vlan: entered promiscuous mode [ 887.027872][T23901] hsr_slave_0: left promiscuous mode [ 887.055611][T23901] hsr_slave_1: left promiscuous mode [ 887.063701][T23901] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 887.071527][T23901] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 887.083151][T23901] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 887.090764][T23901] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 887.131461][T23901] veth1_macvtap: left promiscuous mode [ 887.137142][T23901] veth0_macvtap: left promiscuous mode [ 887.142957][T23901] veth1_vlan: left promiscuous mode [ 887.148540][T23901] veth0_vlan: left promiscuous mode [ 887.286857][ T25] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 887.496969][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 887.523851][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 887.528253][T26681] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 887.535634][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 887.558476][ T25] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 887.604913][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.617387][ T25] usb 4-1: config 0 descriptor?? [ 887.745574][T26681] usb 2-1: config 0 has an invalid interface number: 18 but max is 0 [ 887.762452][T26681] usb 2-1: config 0 has no interface number 0 [ 887.771378][T26681] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 887.791212][T26681] usb 2-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 887.828878][T26681] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 887.873651][T26681] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 887.890217][T26681] usb 2-1: Manufacturer: syz [ 887.898617][T26681] usb 2-1: config 0 descriptor?? [ 887.937158][ T55] Bluetooth: hci3: command tx timeout [ 888.079930][ T25] hid-multitouch 0003:1FD2:6007.008E: unknown main item tag 0x0 [ 888.096058][ T25] hid-multitouch 0003:1FD2:6007.008E: unknown main item tag 0x0 [ 888.103973][ T25] hid-multitouch 0003:1FD2:6007.008E: unknown main item tag 0x0 [ 888.119825][ T25] hid-multitouch 0003:1FD2:6007.008E: unknown main item tag 0x0 [ 888.134087][ T25] hid-multitouch 0003:1FD2:6007.008E: unknown main item tag 0x0 [ 888.156874][ T25] hid-multitouch 0003:1FD2:6007.008E: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0 [ 888.385942][T26681] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.18/0003:054C:03D5.008F/input/input112 [ 888.459801][ T943] usb 4-1: USB disconnect, device number 78 [ 888.501686][T26681] sony 0003:054C:03D5.008F: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.1-1/input18 [ 888.650853][T26681] usb 2-1: USB disconnect, device number 93 [ 888.976238][T23901] team0 (unregistering): Port device team_slave_1 removed [ 889.142225][T23901] team0 (unregistering): Port device team_slave_0 removed [ 889.148773][ T29] audit: type=1400 audit(1725999459.671:567): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31128 comm="syz.3.8680" daddr=::ffff:172.20.20.0 [ 890.024662][ T55] Bluetooth: hci3: command tx timeout [ 890.536627][ T9] usb 4-1: new full-speed USB device number 79 using dummy_hcd [ 890.700333][T30170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 890.748717][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 890.776765][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 890.803467][ T9] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 890.836665][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 890.855449][T30170] 8021q: adding VLAN 0 to HW filter on device team0 [ 890.882714][ T9] usb 4-1: config 0 descriptor?? [ 890.926113][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 890.943853][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 890.954951][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state [ 890.962178][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 890.993916][T29847] veth0_macvtap: entered promiscuous mode [ 891.003828][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 891.034823][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 891.099315][ T9] usb 4-1: media controller created [ 891.144973][T23875] bridge0: port 2(bridge_slave_1) entered blocking state [ 891.152222][T23875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 891.163818][T31142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 891.179141][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 891.211096][T31142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 891.261273][T29847] veth1_macvtap: entered promiscuous mode [ 891.261473][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 891.271788][T31142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 891.287093][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 891.310479][T31142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 891.335876][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input113 [ 891.389467][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 891.416573][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 891.440724][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 891.461077][ T9] usb 4-1: USB disconnect, device number 79 [ 891.462810][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.488920][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 891.503777][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.518895][T29847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 891.570402][ T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 891.581636][T31003] chnl_net:caif_netlink_parms(): no params data found [ 891.642286][T30170] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 891.666916][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.678965][ T943] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 891.690013][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.700376][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.711922][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.722197][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.732795][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.750566][T29847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 891.763724][T29847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 891.788252][T29847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 891.877519][ T943] usb 2-1: Using ep0 maxpacket: 16 [ 891.885186][T29847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.906708][T29847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.906908][ T943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 891.928288][T29847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.945024][T29847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.953941][ T943] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 891.986580][ T943] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 892.000339][ T943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 892.028523][ T943] usb 2-1: config 0 descriptor?? [ 892.087581][ T55] Bluetooth: hci3: command tx timeout [ 892.317536][T31003] bridge0: port 1(bridge_slave_0) entered blocking state [ 892.356980][T31003] bridge0: port 1(bridge_slave_0) entered disabled state [ 892.364415][T31003] bridge_slave_0: entered allmulticast mode [ 892.394241][T31003] bridge_slave_0: entered promiscuous mode [ 892.430138][T31003] bridge0: port 2(bridge_slave_1) entered blocking state [ 892.448581][T31182] raw-gadget.0 gadget.1: fail, usb_ep_set_wedge returned -11 [ 892.457409][T31003] bridge0: port 2(bridge_slave_1) entered disabled state [ 892.464725][T31003] bridge_slave_1: entered allmulticast mode [ 892.498059][T31003] bridge_slave_1: entered promiscuous mode [ 892.503849][ T943] usbhid 2-1:0.0: can't add hid device: -71 [ 892.546018][ T943] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 892.571063][ T943] usb 2-1: USB disconnect, device number 94 [ 892.681699][T31003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 892.743354][T30170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 892.780603][T31003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 892.915427][T31003] team0: Port device team_slave_0 added [ 892.942060][T31003] team0: Port device team_slave_1 added [ 893.131137][T31003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 893.146962][T31003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 893.210641][T31003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 893.238910][T31003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 893.245922][T31003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 893.285695][T31003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 893.327521][T23901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.335398][T23901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.636249][T31003] hsr_slave_0: entered promiscuous mode [ 893.664323][T31003] hsr_slave_1: entered promiscuous mode [ 893.675932][T31003] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 893.692686][T31003] Cannot create hsr debugfs directory [ 893.739287][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 893.761024][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 893.916564][ T47] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 894.110944][T30170] veth0_vlan: entered promiscuous mode [ 894.116656][ T47] usb 2-1: Using ep0 maxpacket: 32 [ 894.132356][ T47] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 894.154971][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 894.168174][ T55] Bluetooth: hci3: command tx timeout [ 894.196690][ T47] usb 2-1: Product: syz [ 894.201020][ T47] usb 2-1: Manufacturer: syz [ 894.205648][ T47] usb 2-1: SerialNumber: syz [ 894.250309][ T47] usb 2-1: config 0 descriptor?? [ 894.279414][ T47] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 894.564848][T14350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.703847][T30170] veth1_vlan: entered promiscuous mode [ 894.810570][T14350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.985073][T14350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 895.135257][T14350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 895.175733][T30170] veth0_macvtap: entered promiscuous mode [ 895.204750][T30170] veth1_macvtap: entered promiscuous mode [ 895.266377][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 895.288587][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.308244][ T47] gspca_ov534_9: reg_w failed -71 [ 895.317525][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 895.336495][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.346378][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 895.387094][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.408836][T30170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 895.473774][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.500015][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.513385][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.524055][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.534781][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.548411][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.559717][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.571344][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.581374][T30170] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 895.592187][T30170] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 895.629420][T30170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 895.674444][T30170] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.692963][T30170] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.726547][T30170] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.726700][ T47] gspca_ov534_9: Unknown sensor 0000 [ 895.735290][T30170] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 895.804304][ T47] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 895.863833][ T47] usb 2-1: USB disconnect, device number 95 [ 896.369359][T14350] bridge_slave_1: left allmulticast mode [ 896.386754][T14350] bridge_slave_1: left promiscuous mode [ 896.392616][T14350] bridge0: port 2(bridge_slave_1) entered disabled state [ 896.418798][T14350] bridge_slave_0: left allmulticast mode [ 896.434835][T14350] bridge_slave_0: left promiscuous mode [ 896.445184][T14350] bridge0: port 1(bridge_slave_0) entered disabled state [ 896.478221][T21981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 896.495279][T21981] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 896.508912][T21981] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 896.519330][T21981] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 896.531503][T21981] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 896.539155][T21981] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 897.645994][T14350] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 897.661350][T14350] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 897.684104][T14350] bond0 (unregistering): Released all slaves [ 897.743055][ T963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 897.761769][ T963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 898.064786][T31003] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 898.085067][T31646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8699'. [ 898.099284][T31003] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 898.240213][T31003] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 898.287322][T23901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 898.303822][T23901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 898.395994][T31003] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 898.647391][T21981] Bluetooth: hci1: command tx timeout [ 898.675429][T14350] hsr_slave_0: left promiscuous mode [ 898.684862][T14350] hsr_slave_1: left promiscuous mode [ 898.698236][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 898.705724][T14350] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 898.717537][T14350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 898.755703][T14350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 898.821673][T14350] veth1_macvtap: left promiscuous mode [ 898.827570][T14350] veth0_macvtap: left promiscuous mode [ 898.833923][T14350] veth1_vlan: left promiscuous mode [ 898.845427][T14350] veth0_vlan: left promiscuous mode [ 900.207330][T14350] team0 (unregistering): Port device team_slave_1 removed [ 900.331662][T14350] team0 (unregistering): Port device team_slave_0 removed [ 900.727571][T21981] Bluetooth: hci1: command tx timeout [ 902.324541][ T29] audit: type=1400 audit(1725999472.841:568): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31755 comm="syz.0.8707" daddr=fe80::aa [ 902.506657][ T943] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 902.543308][T31003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 902.613085][T31617] chnl_net:caif_netlink_parms(): no params data found [ 902.643612][T31003] 8021q: adding VLAN 0 to HW filter on device team0 [ 902.700516][ T943] usb 4-1: Using ep0 maxpacket: 32 [ 902.723679][ T943] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 902.738169][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 902.745391][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 902.765870][ T943] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 902.798837][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 902.806056][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 902.815328][T21981] Bluetooth: hci1: command tx timeout [ 902.825179][ T943] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 902.845807][ T943] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 902.865477][ T943] usb 4-1: config 1 interface 1 has no altsetting 0 [ 902.883865][ T943] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 902.919404][ T943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.930242][ T943] usb 4-1: Product: syz [ 902.934744][ T943] usb 4-1: Manufacturer: syz [ 902.939550][ T943] usb 4-1: SerialNumber: syz [ 903.118554][ T29] audit: type=1400 audit(1725999473.641:569): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31844 comm="syz.0.8713" daddr=fe80:: [ 903.198184][ T943] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 903.216690][ T943] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 903.231662][T31617] bridge0: port 1(bridge_slave_0) entered blocking state [ 903.257552][T31617] bridge0: port 1(bridge_slave_0) entered disabled state [ 903.280124][T31617] bridge_slave_0: entered allmulticast mode [ 903.301247][T31617] bridge_slave_0: entered promiscuous mode [ 903.358341][T31617] bridge0: port 2(bridge_slave_1) entered blocking state [ 903.390108][ T943] usb 4-1: USB disconnect, device number 80 [ 903.397470][T31617] bridge0: port 2(bridge_slave_1) entered disabled state [ 903.430591][T31617] bridge_slave_1: entered allmulticast mode [ 903.446485][ T29] audit: type=1400 audit(1725999473.951:570): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31872 comm="syz.0.8715" daddr=ff26:6500:42e2:dacd:0:5efe:236.230.190.24 dest=35511 [ 903.492411][T31617] bridge_slave_1: entered promiscuous mode [ 903.664373][T31617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 903.703349][T31617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 903.887566][T31617] team0: Port device team_slave_0 added [ 903.915957][ T29] audit: type=1400 audit(1725999474.431:571): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=31947 comm="syz.1.8718" daddr=ff02::1 dest=52770 [ 903.995663][T31003] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 904.079709][T31617] team0: Port device team_slave_1 added [ 904.268756][T31617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 904.275928][T31617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 904.323639][T31617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 904.390487][T31617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 904.417398][T31617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 904.497736][T31617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 904.792324][T31617] hsr_slave_0: entered promiscuous mode [ 904.826785][T31617] hsr_slave_1: entered promiscuous mode [ 904.846363][T31617] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 904.854159][T31617] Cannot create hsr debugfs directory [ 904.886734][T21981] Bluetooth: hci1: command tx timeout [ 905.027493][ T5332] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 905.067555][T31003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 905.228949][ T5332] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 905.260436][ T5332] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 905.292172][ T5332] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 905.319008][ T5332] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 905.351675][ T5332] usb 1-1: SerialNumber: syz [ 905.598724][ T5332] usb 1-1: 0:2 : does not exist [ 905.979487][T31003] veth0_vlan: entered promiscuous mode [ 906.109028][T31003] veth1_vlan: entered promiscuous mode [ 906.111871][ T47] usb 1-1: USB disconnect, device number 68 [ 906.243754][T31003] veth0_macvtap: entered promiscuous mode [ 906.383080][T31003] veth1_macvtap: entered promiscuous mode [ 906.552365][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 906.586920][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.613132][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 906.644285][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.672527][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 906.703606][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.726086][T31003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 906.755085][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 906.790888][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.833829][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 906.863345][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.890120][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 906.916549][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 906.937358][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 906.985546][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 907.027406][T31003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 907.059139][T31003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 907.101428][T31003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 907.141432][T31617] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 907.191957][T31617] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 907.266370][T31617] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 907.285797][T32179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8738'. [ 907.804100][T31617] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 907.852793][T31003] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.896574][T31003] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.930631][T31003] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 907.944711][T31003] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 908.366699][ T5332] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 908.515941][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 908.536520][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 908.547460][ T5332] usb 2-1: Using ep0 maxpacket: 16 [ 908.556437][ T5332] usb 2-1: config 0 has no interfaces? [ 908.568918][ T5332] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 908.581123][ T5332] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 908.601180][ T5332] usb 2-1: Manufacturer: syz [ 908.623780][ T5332] usb 2-1: config 0 descriptor?? [ 908.661800][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 908.686533][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 908.804980][T31617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 908.882887][T31617] 8021q: adding VLAN 0 to HW filter on device team0 [ 908.920401][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 908.927687][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 908.984680][T23901] bridge0: port 2(bridge_slave_1) entered blocking state [ 908.991964][T23901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 909.009006][T32230] input: syz1 as /devices/virtual/input/input114 [ 909.035411][ T5332] usb 2-1: USB disconnect, device number 96 [ 909.310833][T31617] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 910.053904][T31617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 910.645980][ T53] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 910.921827][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 910.934402][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 910.945016][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 910.962269][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 910.971519][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 910.985403][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 911.002669][ T53] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 911.060420][T31617] veth0_vlan: entered promiscuous mode [ 911.067125][T32283] netlink: 44 bytes leftover after parsing attributes in process `syz.3.8757'. [ 911.098555][ T47] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 911.127935][T31617] veth1_vlan: entered promiscuous mode [ 911.267089][ T53] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 911.318537][ T47] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 911.346833][ T47] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 911.389650][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 911.411110][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 911.458598][ T47] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 911.488632][ T53] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 911.506325][ T47] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 911.516322][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 911.595976][ T47] usb 1-1: config 0 descriptor?? [ 911.635094][T31617] veth0_macvtap: entered promiscuous mode [ 911.705352][T31617] veth1_macvtap: entered promiscuous mode [ 912.015824][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 912.037628][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.070045][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 912.096486][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.120271][ T47] plantronics 0003:047F:FFFF.0090: unknown main item tag 0xd [ 912.136565][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 912.151894][ T47] plantronics 0003:047F:FFFF.0090: No inputs registered, leaving [ 912.170253][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.196844][ T47] plantronics 0003:047F:FFFF.0090: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 912.209687][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 912.230423][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.248322][T31617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 912.334809][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.374428][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.394806][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.416166][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.437396][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.457394][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.474519][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.497709][ T47] usb 1-1: USB disconnect, device number 69 [ 912.505986][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.531477][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.551255][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.571093][T31617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 912.585083][T31617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 912.585621][T32378] xt_hashlimit: size too large, truncated to 1048576 [ 912.597284][T31617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 912.682265][ T53] bridge_slave_1: left allmulticast mode [ 912.688339][ T29] audit: type=1400 audit(1725999483.201:572): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32377 comm="syz.3.8771" [ 912.704218][ T53] bridge_slave_1: left promiscuous mode [ 912.724450][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 912.759167][ T53] bridge_slave_0: left allmulticast mode [ 912.785378][ T53] bridge_slave_0: left promiscuous mode [ 912.795732][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 913.047043][ T55] Bluetooth: hci3: command tx timeout [ 913.621301][ T29] audit: type=1400 audit(1725999484.131:573): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32393 comm="syz.0.8774" daddr=ff02::1 [ 914.849485][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 914.876240][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 914.905400][ T53] bond0 (unregistering): Released all slaves [ 915.127833][ T55] Bluetooth: hci3: command tx timeout [ 915.199582][T31617] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.256636][T31617] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.284753][T31617] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.318478][T32441] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 915.319987][T31617] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 915.708400][T32280] chnl_net:caif_netlink_parms(): no params data found [ 916.112939][T32502] can0: slcan on ttyS3. [ 916.268854][T32518] can0 (unregistered): slcan off ttyS3. [ 916.352405][ T53] hsr_slave_0: left promiscuous mode [ 916.386764][ T53] hsr_slave_1: left promiscuous mode [ 916.400802][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 916.426619][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 916.467403][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 916.488649][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 916.579057][ T53] veth1_macvtap: left promiscuous mode [ 916.584682][ T53] veth0_macvtap: left promiscuous mode [ 916.636723][ T53] veth1_vlan: left promiscuous mode [ 916.642140][ T53] veth0_vlan: left promiscuous mode [ 917.207502][ T55] Bluetooth: hci3: command tx timeout [ 919.286756][ T55] Bluetooth: hci3: command tx timeout [ 919.897791][ T53] team0 (unregistering): Port device team_slave_1 removed [ 920.093494][ T53] team0 (unregistering): Port device team_slave_0 removed [ 921.767369][T32280] bridge0: port 1(bridge_slave_0) entered blocking state [ 921.775621][T32280] bridge0: port 1(bridge_slave_0) entered disabled state [ 921.786365][T32280] bridge_slave_0: entered allmulticast mode [ 921.794169][T32280] bridge_slave_0: entered promiscuous mode [ 921.825701][T32280] bridge0: port 2(bridge_slave_1) entered blocking state [ 921.834584][T32280] bridge0: port 2(bridge_slave_1) entered disabled state [ 921.843450][T32280] bridge_slave_1: entered allmulticast mode [ 921.851345][T32280] bridge_slave_1: entered promiscuous mode [ 921.879847][T32606] bridge0: port 3(macvlan2) entered blocking state [ 921.896600][T32606] bridge0: port 3(macvlan2) entered disabled state [ 921.903437][T32606] macvlan2: entered allmulticast mode [ 921.913076][T32606] macvlan2: entered promiscuous mode [ 922.170345][T23901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 922.198652][T23901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 922.262264][ T29] audit: type=1400 audit(1725999492.781:574): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32649 comm="syz.1.8809" daddr=ff01::1 [ 922.280992][T32280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 922.331017][T32280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 922.570328][T23875] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 922.606060][T23875] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 922.631265][T32280] team0: Port device team_slave_0 added [ 922.681987][T32280] team0: Port device team_slave_1 added [ 922.827607][ T5332] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 922.864015][T32280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 922.890177][T32280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 922.977511][T32280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 923.028745][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 923.084456][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 923.126473][ T5332] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 923.141130][T32280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 923.148905][ T29] audit: type=1326 audit(1725999493.661:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32728 comm="syz.0.8817" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f617d37def9 code=0x0 [ 923.174653][T32280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 923.202108][ T5332] usb 4-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 923.211547][ T5332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 923.222915][ T5332] usb 4-1: config 0 descriptor?? [ 923.228802][T32280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 923.321780][ T29] audit: type=1400 audit(1725999493.841:576): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32750 comm="syz.1.8818" daddr=fc02:: [ 923.359496][ T29] audit: type=1400 audit(1725999493.841:577): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=32750 comm="syz.1.8818" daddr=fc00:: [ 923.420591][T32280] hsr_slave_0: entered promiscuous mode [ 923.439931][T32280] hsr_slave_1: entered promiscuous mode [ 923.455703][T32280] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 923.485415][T32280] Cannot create hsr debugfs directory [ 923.678784][ T5332] hid-udraw 0003:20D6:CB17.0091: unknown main item tag 0x0 [ 923.739411][ T5332] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0091/input/input116 [ 923.791506][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 923.841190][ T5332] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0091/input/input117 [ 923.938905][ T5332] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0091/input/input118 [ 923.962164][ T5332] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:20D6:CB17.0091/input/input119 [ 923.985809][ T5332] hid-udraw 0003:20D6:CB17.0091: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.3-1/input0 [ 924.008418][ T5332] usb 4-1: USB disconnect, device number 81 [ 924.048506][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.238436][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.390995][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 924.670974][ T53] bridge_slave_1: left allmulticast mode [ 924.685616][ T53] bridge_slave_1: left promiscuous mode [ 924.691821][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.702618][ T53] bridge_slave_0: left allmulticast mode [ 924.709041][ T53] bridge_slave_0: left promiscuous mode [ 924.714852][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 925.772828][T21981] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 925.794605][T21981] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 925.807454][T21981] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 925.841447][T21981] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 925.883985][T21981] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 925.903706][T21981] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 926.750943][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 926.779507][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 926.813472][ T53] bond0 (unregistering): Released all slaves [ 926.957385][ T462] netlink: 'syz.0.8836': attribute type 9 has an invalid length. [ 926.992240][ T462] netlink: 61951 bytes leftover after parsing attributes in process `syz.0.8836'. [ 927.921776][T32280] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 927.981302][T32280] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 928.009927][ T55] Bluetooth: hci1: command tx timeout [ 928.118514][ T53] hsr_slave_0: left promiscuous mode [ 928.141429][ T53] hsr_slave_1: left promiscuous mode [ 928.161030][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 928.177196][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 928.194903][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 928.206318][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 928.294596][ T53] veth1_macvtap: left promiscuous mode [ 928.307471][ T53] veth0_macvtap: left promiscuous mode [ 928.313301][ T53] veth1_vlan: left promiscuous mode [ 928.326652][ T53] veth0_vlan: left promiscuous mode [ 928.685606][ T943] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 928.894115][ T943] usb 2-1: Using ep0 maxpacket: 16 [ 928.905300][ T943] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 928.926517][ T943] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 928.938185][ T943] usb 2-1: Product: syz [ 928.942419][ T943] usb 2-1: Manufacturer: syz [ 928.964345][ T943] usb 2-1: SerialNumber: syz [ 929.004757][ T943] usb 2-1: config 0 descriptor?? [ 929.016343][ T943] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 929.296569][ T5332] usb 4-1: new full-speed USB device number 82 using dummy_hcd [ 929.505596][ T5332] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 929.516712][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 929.528256][ T5332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 929.556842][ T5332] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 929.570635][ T5332] usb 4-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 929.603867][ T5332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 929.624882][ T5332] usb 4-1: config 0 descriptor?? [ 930.032726][ T53] team0 (unregistering): Port device team_slave_1 removed [ 930.047425][ T943] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71 [ 930.059313][ T943] usb 2-1: USB disconnect, device number 97 [ 930.097254][ T55] Bluetooth: hci1: command tx timeout [ 930.103205][ T5332] hid-rmi 0003:17EF:6085.0092: unknown main item tag 0x0 [ 930.111698][ T5332] hid-rmi 0003:17EF:6085.0092: unknown main item tag 0x0 [ 930.139471][ T5332] hid-rmi 0003:17EF:6085.0092: unknown main item tag 0x0 [ 930.147272][ T5332] hid-rmi 0003:17EF:6085.0092: unknown main item tag 0x0 [ 930.190613][ T5332] hid-rmi 0003:17EF:6085.0092: unknown main item tag 0x0 [ 930.208340][ T5332] hid-rmi 0003:17EF:6085.0092: hidraw0: USB HID v0.00 Device [HID 17ef:6085] on usb-dummy_hcd.3-1/input0 [ 930.252086][ T53] team0 (unregistering): Port device team_slave_0 removed [ 930.335574][ T5332] usb 4-1: USB disconnect, device number 82 [ 931.219644][ T586] input: syz0 as /devices/virtual/input/input120 [ 931.849327][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.089683][T32280] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 932.167711][ T55] Bluetooth: hci1: command tx timeout [ 932.193233][T32280] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 932.823402][ T439] chnl_net:caif_netlink_parms(): no params data found [ 933.522736][ T439] bridge0: port 1(bridge_slave_0) entered blocking state [ 933.541363][ T439] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.555742][ T439] bridge_slave_0: entered allmulticast mode [ 933.570760][ T439] bridge_slave_0: entered promiscuous mode [ 933.648037][ T439] bridge0: port 2(bridge_slave_1) entered blocking state [ 933.655246][ T439] bridge0: port 2(bridge_slave_1) entered disabled state [ 933.687711][ T439] bridge_slave_1: entered allmulticast mode [ 933.705942][ T439] bridge_slave_1: entered promiscuous mode [ 933.814232][T32280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 933.926214][ T439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 933.984236][ T439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 934.041063][ T818] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 934.165841][ T439] team0: Port device team_slave_0 added [ 934.188041][ T439] team0: Port device team_slave_1 added [ 934.246885][ T55] Bluetooth: hci1: command tx timeout [ 934.269658][T32280] 8021q: adding VLAN 0 to HW filter on device team0 [ 934.421193][ T439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 934.446620][ T439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 934.536532][ T439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 934.577149][ T439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 934.584158][ T439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 934.664094][ T439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 934.728270][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 934.735527][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 934.973732][ T439] hsr_slave_0: entered promiscuous mode [ 935.012478][ T439] hsr_slave_1: entered promiscuous mode [ 935.047254][ T439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 935.074718][ T439] Cannot create hsr debugfs directory [ 935.360736][ T963] bridge0: port 2(bridge_slave_1) entered blocking state [ 935.368078][ T963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 935.503086][ T29] audit: type=1400 audit(1725999506.021:578): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=959 comm="syz.0.8875" daddr=ff01::1 dest=20000 [ 936.638104][T32280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 936.815606][ T1062] overlayfs: upper fs does not support tmpfile. [ 936.949793][ T439] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 937.030651][ T439] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 937.079486][ T439] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 937.117364][ T439] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 937.567686][ T439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 937.669302][ T439] 8021q: adding VLAN 0 to HW filter on device team0 [ 937.719659][T32280] veth0_vlan: entered promiscuous mode [ 937.778574][T23901] bridge0: port 1(bridge_slave_0) entered blocking state [ 937.785801][T23901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 937.824215][T23901] bridge0: port 2(bridge_slave_1) entered blocking state [ 937.831460][T23901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 937.880063][ T29] audit: type=1400 audit(1725999508.401:579): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1090 comm="syz.0.8889" saddr=fc01:: daddr=ff02::1 dest=3618 netif=wpan0 [ 937.932342][T32280] veth1_vlan: entered promiscuous mode [ 938.029160][ T439] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 938.120345][T32280] veth0_macvtap: entered promiscuous mode [ 938.163125][T32280] veth1_macvtap: entered promiscuous mode [ 938.279680][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 938.309020][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.327560][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 938.347546][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.393649][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 938.428936][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.452470][T32280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 938.502192][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 938.546531][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.586527][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 938.628696][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.656576][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 938.710795][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.754927][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 938.776949][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.796515][T32280] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 938.826493][T32280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 938.849154][T32280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 938.888674][T32280] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 938.910776][T32280] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 938.956477][T32280] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 938.965258][T32280] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 939.179021][ T439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 939.417827][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 939.457750][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 939.506892][ T29] audit: type=1400 audit(1725999510.021:580): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1126 comm="syz.0.8898" daddr=fe80::aa dest=20000 [ 939.606794][ T5333] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 939.626912][ T439] veth0_vlan: entered promiscuous mode [ 939.661966][T23901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 939.687434][T23901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 939.690899][ T439] veth1_vlan: entered promiscuous mode [ 939.806511][ T29] audit: type=1400 audit(1725999510.321:581): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1132 comm="syz.0.8899" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 939.822510][ T439] veth0_macvtap: entered promiscuous mode [ 939.855912][ T5333] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 939.875715][ T439] veth1_macvtap: entered promiscuous mode [ 939.885572][ T5333] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.887729][ T29] audit: type=1400 audit(1725999510.341:582): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1132 comm="syz.0.8899" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 939.908328][ T5333] usb 2-1: Product: syz [ 939.947691][ T5333] usb 2-1: Manufacturer: syz [ 939.974163][ T5333] usb 2-1: SerialNumber: syz [ 940.006025][ T5333] usb 2-1: config 0 descriptor?? [ 940.165765][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.188690][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.226551][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.256619][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.284963][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.314025][ T5333] hso 2-1:0.0: Failed to find INT IN ep [ 940.336173][ T5333] usb-storage 2-1:0.0: USB Mass Storage device detected [ 940.346544][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.376591][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 940.409795][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.451808][ T439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 940.507953][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.564869][ T29] audit: type=1400 audit(1725999511.061:583): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1153 comm="syz.0.8902" daddr=::ffff:172.20.20.187 [ 940.596492][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.633773][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.667327][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.697347][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.736637][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.756956][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.789078][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.820522][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.846494][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.879012][ T439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 940.911008][ T439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 940.945127][ T439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 941.037713][ T25] usb 2-1: USB disconnect, device number 98 [ 941.152269][T23875] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.279064][ T439] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.306831][ T439] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.315618][ T439] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.346494][ T439] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 941.475470][T23875] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.829305][T23875] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 941.867370][ T47] kernel write not supported for file /snd/seq (pid: 47 comm: kworker/1:1) [ 942.032268][T21981] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 942.048379][T21981] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 942.067541][T21981] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 942.080773][T23875] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 942.092323][T21981] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 942.102096][T21981] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 942.115750][T21981] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 942.292566][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 942.356502][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 942.367266][ T5333] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 942.500022][T14350] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 942.508483][T14350] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 942.586490][ T5333] usb 1-1: Using ep0 maxpacket: 32 [ 942.594041][ T5333] usb 1-1: config 0 has no interfaces? [ 942.617013][ T5333] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 942.644547][ T5333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 942.679338][ T5333] usb 1-1: config 0 descriptor?? [ 943.126998][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 943.660280][T23875] bridge_slave_1: left allmulticast mode [ 943.716786][T23875] bridge_slave_1: left promiscuous mode [ 943.722768][T23875] bridge0: port 2(bridge_slave_1) entered disabled state [ 943.828488][T23875] bridge_slave_0: left allmulticast mode [ 943.834205][T23875] bridge_slave_0: left promiscuous mode [ 943.903880][T23875] bridge0: port 1(bridge_slave_0) entered disabled state [ 944.175078][T21981] Bluetooth: hci3: command tx timeout [ 944.175283][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 944.646787][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 945.106899][ T5228] usb 1-1: USB disconnect, device number 70 [ 945.138171][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 945.781943][ T29] audit: type=1400 audit(1725999516.301:584): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1277 comm="syz.1.8915" [ 946.246734][T21981] Bluetooth: hci3: command tx timeout [ 946.476217][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 946.490556][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 946.505606][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 946.533356][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 946.556304][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 946.567740][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 946.580030][ T1299] could not open pipe file descriptor [ 946.616870][T23875] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 946.688207][T23875] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 946.712722][T23875] bond0 (unregistering): Released all slaves [ 946.766051][ T1294] mac80211_hwsim hwsim28 wlan1: entered promiscuous mode [ 946.782521][ T1294] mac80211_hwsim hwsim28 wlan1: entered allmulticast mode [ 947.360026][ T1312] tun0: tun_chr_ioctl cmd 1074025675 [ 947.366063][ T1312] tun0: persist enabled [ 947.386132][ T1315] tun0: tun_chr_ioctl cmd 1074025675 [ 947.402354][ T1315] tun0: persist disabled [ 947.710285][T21981] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 947.724319][T21981] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 947.734737][T21981] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 947.761689][T21981] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 947.797091][T21981] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 947.808131][T21981] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 948.327930][ T55] Bluetooth: hci3: command tx timeout [ 948.333496][T23875] hsr_slave_0: left promiscuous mode [ 948.374804][T23875] hsr_slave_1: left promiscuous mode [ 948.395695][T23875] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 948.427360][T23875] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 948.457819][T23875] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 948.465321][T23875] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 948.535766][ T29] audit: type=1400 audit(1725999519.051:585): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1432 comm="syz.0.8930" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 948.589702][T23875] veth1_macvtap: left promiscuous mode [ 948.595328][T23875] veth0_macvtap: left promiscuous mode [ 948.613051][T23875] veth1_vlan: left promiscuous mode [ 948.621151][T23875] veth0_vlan: left promiscuous mode [ 948.646725][ T55] Bluetooth: hci1: command tx timeout [ 948.938110][ T1437] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8932'. [ 949.346049][ T29] audit: type=1400 audit(1725999519.861:586): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=1440 comm="syz.1.8933" daddr=::ffff:172.20.20.187 [ 949.852289][ T55] Bluetooth: hci7: command tx timeout [ 949.887630][ T943] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 950.076483][ T943] usb 2-1: Using ep0 maxpacket: 16 [ 950.089155][ T943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 950.106747][ T943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 950.127319][ T943] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 950.157331][ T943] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 950.173653][ T943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.201384][ T943] usb 2-1: config 0 descriptor?? [ 950.408003][ T55] Bluetooth: hci3: command tx timeout [ 950.490762][T23875] team0 (unregistering): Port device team_slave_1 removed [ 950.592638][T23875] team0 (unregistering): Port device team_slave_0 removed [ 950.650788][ T943] shield 0003:0955:7214.0093: unknown main item tag 0x4 [ 950.681212][ T943] shield 0003:0955:7214.0093: unknown main item tag 0x0 [ 950.690092][ T943] shield 0003:0955:7214.0093: unknown main item tag 0x0 [ 950.699350][ T943] shield 0003:0955:7214.0093: unknown main item tag 0x0 [ 950.706363][ T943] shield 0003:0955:7214.0093: unknown main item tag 0x0 [ 950.735074][ T943] input: HID 0955:7214 Haptics as /devices/virtual/input/input121 [ 950.743975][ T55] Bluetooth: hci1: command tx timeout [ 950.793555][ T943] shield 0003:0955:7214.0093: Registered Thunderstrike controller [ 950.802301][ T943] shield 0003:0955:7214.0093: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 950.910363][T18996] shield 0003:0955:7214.0093: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 950.950867][ T943] usb 2-1: USB disconnect, device number 99 [ 950.977572][T18996] shield 0003:0955:7214.0093: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 950.995336][T18996] shield 0003:0955:7214.0093: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 951.006938][T18996] shield 0003:0955:7214.0093: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 951.936032][ T55] Bluetooth: hci7: command tx timeout [ 952.201071][ T1071] bridge0: port 1(syz_tun) entered disabled state [ 952.305199][ T1071] syz_tun (unregistering): left allmulticast mode [ 952.328834][ T1071] syz_tun (unregistering): left promiscuous mode [ 952.337410][ T1071] bridge0: port 1(syz_tun) entered disabled state [ 952.379720][ T1178] chnl_net:caif_netlink_parms(): no params data found [ 952.807889][ T55] Bluetooth: hci1: command tx timeout [ 953.023311][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 953.056602][ T1178] bridge0: port 1(bridge_slave_0) entered disabled state [ 953.086849][ T1178] bridge_slave_0: entered allmulticast mode [ 953.094526][ T1178] bridge_slave_0: entered promiscuous mode [ 953.164878][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state [ 953.184231][ T1178] bridge0: port 2(bridge_slave_1) entered disabled state [ 953.193503][ T1178] bridge_slave_1: entered allmulticast mode [ 953.201671][ T1178] bridge_slave_1: entered promiscuous mode [ 953.355500][ T1178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 953.561106][ T1178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 953.907945][ T1178] team0: Port device team_slave_0 added [ 953.943741][ T1178] team0: Port device team_slave_1 added [ 954.016648][ T55] Bluetooth: hci7: command tx timeout [ 954.072839][T14350] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.301001][T14350] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.427673][ T1178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 954.435072][ T1178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 954.496659][ T1178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 954.508671][ T1293] chnl_net:caif_netlink_parms(): no params data found [ 954.546809][ T1341] chnl_net:caif_netlink_parms(): no params data found [ 954.648441][ T29] audit: type=1400 audit(1725999525.171:587): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1847 comm="syz.0.8953" saddr=9eda:ce00::21:0:2 daddr=ff02::1 netif=wpan0 [ 954.679496][T14350] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 954.728233][ T1839] bridge0: port 4(gretap0) entered blocking state [ 954.742177][ T1839] bridge0: port 4(gretap0) entered disabled state [ 954.752648][ T1839] gretap0: entered allmulticast mode [ 954.764999][ T1839] gretap0: left allmulticast mode [ 954.771496][ T1178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 954.778947][ T1178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 954.805825][ T1178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 954.887393][ T55] Bluetooth: hci1: command tx timeout [ 955.122753][T14350] team0: Port device netdevsim0 removed [ 955.153260][T14350] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 955.198740][ T29] audit: type=1400 audit(1725999525.721:588): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1879 comm="syz.0.8957" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 955.255958][ T29] audit: type=1400 audit(1725999525.741:589): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="," object="_" requested=w pid=1879 comm="syz.0.8957" saddr=fe80::bb daddr=fe80::aa dest=20002 netif=wpan0 [ 955.429342][ T1178] hsr_slave_0: entered promiscuous mode [ 955.468975][ T1178] hsr_slave_1: entered promiscuous mode [ 955.496686][ T1178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 955.504363][ T1178] Cannot create hsr debugfs directory [ 955.818767][ T1341] bridge0: port 1(bridge_slave_0) entered blocking state [ 955.826930][ T1341] bridge0: port 1(bridge_slave_0) entered disabled state [ 955.834357][ T1341] bridge_slave_0: entered allmulticast mode [ 955.844811][ T1341] bridge_slave_0: entered promiscuous mode [ 955.914329][ T1293] bridge0: port 1(bridge_slave_0) entered blocking state [ 955.921943][ T1293] bridge0: port 1(bridge_slave_0) entered disabled state [ 955.930816][ T1293] bridge_slave_0: entered allmulticast mode [ 955.948346][ T1293] bridge_slave_0: entered promiscuous mode [ 955.968522][ T1293] bridge0: port 2(bridge_slave_1) entered blocking state [ 955.987618][ T1293] bridge0: port 2(bridge_slave_1) entered disabled state [ 955.994946][ T1293] bridge_slave_1: entered allmulticast mode [ 956.027536][ T1293] bridge_slave_1: entered promiscuous mode [ 956.037656][ T1341] bridge0: port 2(bridge_slave_1) entered blocking state [ 956.055353][ T1341] bridge0: port 2(bridge_slave_1) entered disabled state [ 956.077868][ T1341] bridge_slave_1: entered allmulticast mode [ 956.086627][ T55] Bluetooth: hci7: command tx timeout [ 956.092255][ T1341] bridge_slave_1: entered promiscuous mode [ 956.463179][ T1293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 956.478878][ T1341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 956.497497][ T1341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 956.531199][ T1293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 956.666211][T14350] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 956.708310][ T5333] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 956.914445][ T5333] usb 1-1: Using ep0 maxpacket: 32 [ 956.939785][ T5333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 956.962979][ T5333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 956.974646][ T5333] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 956.994368][ T5333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 957.009646][ T5333] usb 1-1: config 0 descriptor?? [ 957.016098][ T2099] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 957.033210][T14350] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.045256][ T5333] hub 1-1:0.0: USB hub found [ 957.222881][ T1341] team0: Port device team_slave_0 added [ 957.241310][ T1341] team0: Port device team_slave_1 added [ 957.270566][ T5333] hub 1-1:0.0: 2 ports detected [ 957.287953][ T5333] hub 1-1:0.0: insufficient power available to use all downstream ports [ 957.373629][T14350] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.408687][ T1293] team0: Port device team_slave_0 added [ 957.477364][ T5333] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 957.494088][ T5333] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 957.531075][ T5333] usbhid 1-1:0.0: can't add hid device: -71 [ 957.546100][T14350] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.556828][ T5333] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 957.585997][ T1293] team0: Port device team_slave_1 added [ 957.603476][ T5333] usb 1-1: USB disconnect, device number 71 [ 957.648907][ T5332] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 957.778280][ T1341] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 957.785341][ T1341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 957.813822][ T1341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 957.828463][ T1341] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 957.835448][ T1341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 957.874193][ T5332] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 957.894864][ T5332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 957.906231][ T5332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 957.918004][ T1341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 957.929710][ T5332] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 957.966574][ T5332] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 957.985671][ T5332] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 957.994205][ T5332] usb 2-1: Manufacturer: syz [ 958.019390][ T5332] usb 2-1: config 0 descriptor?? [ 958.140032][ T1293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 958.167162][ T1293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 958.193666][ C0] vkms_vblank_simulate: vblank timer overrun [ 958.244567][ T943] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 958.264173][ T943] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 958.272451][ T1293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 958.294964][ T943] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 958.305585][ T1293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 958.316876][ T943] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 958.337408][ T1293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 958.371082][ T943] hid-generic 0000:0000:0000.0094: hidraw0: HID v0.00 Device [syz0] on syz0 [ 958.393193][ T1293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 958.490946][ T5332] appleir 0003:05AC:8243.0095: unknown main item tag 0x0 [ 958.512268][ T5332] appleir 0003:05AC:8243.0095: No inputs registered, leaving [ 958.538108][ T5228] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 958.538519][ T5332] appleir 0003:05AC:8243.0095: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 958.570985][ T1341] hsr_slave_0: entered promiscuous mode [ 958.584922][ T1341] hsr_slave_1: entered promiscuous mode [ 958.591799][ T1341] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 958.600372][ T1341] Cannot create hsr debugfs directory [ 958.741200][ T5228] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 958.761077][ T5228] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 958.778226][ T5228] usb 1-1: Product: syz [ 958.782725][ T5228] usb 1-1: Manufacturer: syz [ 958.812285][ T5228] usb 1-1: SerialNumber: syz [ 958.844905][ T5228] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 958.862575][ T5332] usb 2-1: USB disconnect, device number 100 [ 958.941952][ T1293] hsr_slave_0: entered promiscuous mode [ 958.958075][ T1293] hsr_slave_1: entered promiscuous mode [ 958.973146][ T1293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 958.981584][ T1293] Cannot create hsr debugfs directory [ 959.055265][T26681] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 959.092537][T14350] bridge_slave_1: left allmulticast mode [ 959.107575][T14350] bridge_slave_1: left promiscuous mode [ 959.116628][T14350] bridge0: port 2(bridge_slave_1) entered disabled state [ 959.131971][T14350] bridge_slave_0: left allmulticast mode [ 959.139404][T14350] bridge_slave_0: left promiscuous mode [ 959.147627][T14350] bridge0: port 1(bridge_slave_0) entered disabled state [ 960.335367][T14350] ip6gretap0 (unregistering): left promiscuous mode [ 960.533508][ T29] audit: type=1400 audit(1725999531.061:590): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="," requested=w pid=2490 comm="syz.0.8970" daddr=fc01:: dest=20002 [ 968.972405][T26681] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 971.288221][T21981] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 971.294160][T21981] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 971.295512][T21981] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 971.297709][T21981] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 971.299595][T21981] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 971.300059][T21981] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 972.487948][ T55] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 972.491575][ T55] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 972.492811][ T55] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 972.498841][ T55] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 972.500368][ T55] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 972.500789][ T55] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 973.376652][T21981] Bluetooth: hci2: command tx timeout [ 975.458407][T21981] Bluetooth: hci2: command tx timeout [ 977.536648][T21981] Bluetooth: hci2: command tx timeout [ 979.610693][T21981] Bluetooth: hci2: command tx timeout [ 993.537383][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 996.497124][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2631 jiffies s: 53617 root: 0x1/. [ 996.497191][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 996.497211][ T19] Sending NMI from CPU 1 to CPUs 0: [ 996.497247][ C0] NMI backtrace for cpu 0 [ 996.497263][ C0] CPU: 0 UID: 0 PID: 26681 Comm: kworker/0:4 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 996.497285][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 996.497297][ C0] Workqueue: events request_firmware_work_func [ 996.497327][ C0] RIP: 0010:unwind_next_frame+0x8e0/0x2a00 [ 996.497357][ C0] Code: 48 83 c5 10 e9 da 06 00 00 83 fd 04 0f 84 6c 01 00 00 83 fd 05 0f 85 ff 02 00 00 e8 3a 5c 52 00 48 8b 44 24 58 42 80 3c 28 00 <74> 08 48 89 df e8 66 7f b6 00 48 8b 33 48 8b 54 24 18 48 8d 5a 01 [ 996.497373][ C0] RSP: 0018:ffffc90000006a40 EFLAGS: 00000046 [ 996.497387][ C0] RAX: 1ffff92000000d77 RBX: ffffc90000006bb8 RCX: ffff88802dda3c00 [ 996.497403][ C0] RDX: 0000000000010100 RSI: ffffffff8e5a3da0 RDI: 0000000000000005 [ 996.497415][ C0] RBP: 0000000000000005 R08: 0000000000000005 R09: ffffffff81412f0e [ 996.497427][ C0] R10: 0000000000000008 R11: ffff88802dda3c00 R12: ffffffff900778e0 [ 996.497440][ C0] R13: dffffc0000000000 R14: ffffc90000006bd0 R15: 1ffff92000000d70 [ 996.497454][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 996.497469][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 996.497483][ C0] CR2: 0000001b31113ff8 CR3: 000000000e534000 CR4: 00000000003526f0 [ 996.497499][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 996.497510][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 996.497522][ C0] Call Trace: [ 996.497529][ C0] [ 996.497538][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 996.497563][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 996.497591][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 996.497614][ C0] ? nmi_handle+0x2a/0x5a0 [ 996.497643][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 996.497666][ C0] ? nmi_handle+0x14f/0x5a0 [ 996.497683][ C0] ? nmi_handle+0x2a/0x5a0 [ 996.497702][ C0] ? unwind_next_frame+0x8e0/0x2a00 [ 996.497728][ C0] ? default_do_nmi+0x63/0x160 [ 996.497754][ C0] ? exc_nmi+0x123/0x1f0 [ 996.497777][ C0] ? end_repeat_nmi+0xf/0x53 [ 996.497804][ C0] ? unwind_next_frame+0x7be/0x2a00 [ 996.497835][ C0] ? unwind_next_frame+0x8e0/0x2a00 [ 996.497862][ C0] ? unwind_next_frame+0x8e0/0x2a00 [ 996.497890][ C0] ? unwind_next_frame+0x8e0/0x2a00 [ 996.497917][ C0] [ 996.497924][ C0] [ 996.497937][ C0] ? get_stack_info_noinstr+0x47/0x130 [ 996.497960][ C0] ? __unwind_start+0x2bc/0x7c0 [ 996.497987][ C0] ? get_stack_info+0x102/0x180 [ 996.498014][ C0] __unwind_start+0x641/0x7c0 [ 996.498044][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 996.498067][ C0] arch_stack_walk+0x103/0x1b0 [ 996.498090][ C0] ? __unwind_start+0x2bc/0x7c0 [ 996.498120][ C0] stack_trace_save+0x118/0x1d0 [ 996.498142][ C0] ? __read_once_word_nocheck+0x9/0x20 [ 996.498169][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 996.498192][ C0] ? validate_chain+0x11e/0x5900 [ 996.498213][ C0] ? mark_lock+0x9a/0x350 [ 996.498246][ C0] kasan_save_track+0x3f/0x80 [ 996.498302][ C0] __kasan_kmalloc+0x98/0xb0 [ 996.498322][ C0] ? dummy_urb_enqueue+0x7d/0x760 [ 996.498343][ C0] __kmalloc_cache_noprof+0x19c/0x2c0 [ 996.498374][ C0] dummy_urb_enqueue+0x7d/0x760 [ 996.498399][ C0] usb_hcd_submit_urb+0x36c/0x1e80 [ 996.498433][ C0] ? __pfx_usb_hcd_submit_urb+0x10/0x10 [ 996.498458][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 996.498480][ C0] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 996.498510][ C0] ? usb_submit_urb+0xe85/0x1930 [ 996.498530][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 996.498565][ C0] ath9k_hif_usb_rx_cb+0x11a3/0x1500 [ 996.498586][ C0] ? __usb_hcd_giveback_urb+0x2a6/0x6e0 [ 996.498614][ C0] ? __pfx_lock_release+0x10/0x10 [ 996.498643][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 996.498665][ C0] ? __pfx_ath9k_hif_usb_rx_cb+0x10/0x10 [ 996.498684][ C0] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 996.498713][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 996.498741][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 996.498771][ C0] ? usb_unanchor_urb+0x7d/0xc0 [ 996.498792][ C0] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 996.498822][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 996.498851][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 996.498878][ C0] dummy_timer+0x830/0x45a0 [ 996.498904][ C0] ? __pfx_lock_release+0x10/0x10 [ 996.498942][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 996.498970][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 996.498990][ C0] ? __pfx_lock_release+0x10/0x10 [ 996.499019][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 996.499047][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 996.499072][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 996.499092][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 996.499124][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 996.499147][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 996.499177][ C0] hrtimer_interrupt+0x396/0x990 [ 996.499212][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 996.499247][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 996.499276][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 996.499299][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 996.499325][ C0] Code: 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 <65> 48 8b 0c 25 c0 d6 03 00 65 8b 05 70 45 70 7e 25 00 01 ff 00 74 [ 996.499340][ C0] RSP: 0018:ffffc90000007a98 EFLAGS: 00000293 [ 996.499354][ C0] RAX: 0000000000000100 RBX: 00000010c6f7a0b5 RCX: ffff88802dda3c00 [ 996.499367][ C0] RDX: ffff88802dda3c00 RSI: 0000000000000000 RDI: 00000010c6f7a0b5 [ 996.499379][ C0] RBP: 0019999999999998 R08: ffffffff89b5bdf3 R09: fffff52000000f58 [ 996.499393][ C0] R10: dffffc0000000000 R11: fffff52000000f58 R12: 0000000225c17d04 [ 996.499406][ C0] R13: 0000000000000000 R14: 00000015798ee228 R15: 1ffff11005a42c63 [ 996.499423][ C0] ? pie_calculate_probability+0x293/0x820 [ 996.499455][ C0] pie_calculate_probability+0x293/0x820 [ 996.499491][ C0] fq_pie_timer+0x26d/0x590 [ 996.499516][ C0] ? fq_pie_timer+0x4d/0x590 [ 996.499547][ C0] call_timer_fn+0x18e/0x650 [ 996.499575][ C0] ? call_timer_fn+0xc0/0x650 [ 996.499600][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 996.499626][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 996.499656][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 996.499683][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 996.499709][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 996.499734][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 996.499759][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 996.499777][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 996.499804][ C0] __run_timer_base+0x66a/0x8e0 [ 996.499837][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 996.499873][ C0] run_timer_softirq+0xb7/0x170 [ 996.499899][ C0] handle_softirqs+0x2c4/0x970 [ 996.499926][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 996.499952][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 996.499979][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 996.500008][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 996.500031][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 996.500062][ C0] irq_exit_rcu+0x9/0x30 [ 996.500083][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 996.500111][ C0] [ 996.500117][ C0] [ 996.500125][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 996.500148][ C0] RIP: 0010:format_decode+0x6c6/0x1bb0 [ 996.500171][ C0] Code: 4c 24 18 80 e1 07 38 c1 7c a9 be 08 00 00 00 48 8b 7c 24 18 e8 4b 65 4d f6 eb 98 e8 b4 40 e9 f5 48 8b 5c 24 40 e9 4a 09 00 00 <48> 8b 44 24 30 42 80 3c 30 00 74 0d 48 8d bc 24 80 00 00 00 e8 c1 [ 996.500186][ C0] RSP: 0018:ffffc9000914eb20 EFLAGS: 00000212 [ 996.500200][ C0] RAX: 0000000000000000 RBX: 0000000000000035 RCX: ffff88802dda3c00 [ 996.500212][ C0] RDX: 0000000000000005 RSI: ffffffff8fde5e60 RDI: 0000000000000035 [ 996.500230][ C0] RBP: ffffc9000914ec10 R08: 0000000000000001 R09: ffffffff8baa4aaa [ 996.500243][ C0] R10: 0000000000000005 R11: ffff88802dda3c00 R12: ffffffff8beb9ac2 [ 996.500256][ C0] R13: ffffffff8beb9ac2 R14: dffffc0000000000 R15: 1ffffffff17d7358 [ 996.500275][ C0] ? format_decode+0x5ba/0x1bb0 [ 996.500311][ C0] ? __pfx_format_decode+0x10/0x10 [ 996.500336][ C0] ? vsnprintf+0x948/0x1da0 [ 996.500362][ C0] vsnprintf+0x14f/0x1da0 [ 996.500390][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 996.500420][ C0] sprintf+0xda/0x120 [ 996.500447][ C0] ? __pfx_sprintf+0x10/0x10 [ 996.500477][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 996.500504][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 996.500525][ C0] ? __pfx_lock_release+0x10/0x10 [ 996.500552][ C0] info_print_prefix+0x16b/0x310 [ 996.500579][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 996.500609][ C0] printk_get_next_message+0x6da/0xbe0 [ 996.500637][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 996.500662][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 996.500689][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 996.500729][ C0] ? console_flush_all+0x3a8/0xfd0 [ 996.500753][ C0] console_flush_all+0x410/0xfd0 [ 996.500777][ C0] ? console_flush_all+0x152/0xfd0 [ 996.500805][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 996.500828][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 996.500855][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 996.500885][ C0] console_unlock+0x13b/0x4d0 [ 996.500908][ C0] ? __pfx_console_unlock+0x10/0x10 [ 996.500925][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 996.500942][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 996.500959][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 996.500991][ C0] vprintk_emit+0x5dc/0x7c0 [ 996.501011][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 996.501030][ C0] ? __pfx_snprintf+0x10/0x10 [ 996.501057][ C0] ? read_word_at_a_time+0xe/0x20 [ 996.501076][ C0] ? sized_strscpy+0x8d/0x220 [ 996.501098][ C0] dev_vprintk_emit+0x2ae/0x330 [ 996.501117][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 996.501157][ C0] dev_printk_emit+0xdd/0x120 [ 996.501176][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 996.501200][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 996.501232][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 996.501251][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 996.501270][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 996.501296][ C0] ? __dev_printk+0x137/0x1a0 [ 996.501319][ C0] _dev_err+0x122/0x170 [ 996.501338][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 996.501367][ C0] ? __pfx__dev_err+0x10/0x10 [ 996.501384][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 996.501407][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 996.501427][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 996.501457][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 996.501489][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 996.501526][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 996.501544][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 996.501572][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 996.501597][ C0] ? usb_free_urb+0x9f/0x120 [ 996.501616][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 996.501641][ C0] ath9k_htc_hw_init+0x34/0x80 [ 996.501660][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 996.501685][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 996.501705][ C0] request_firmware_work_func+0x1a4/0x280 [ 996.501733][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 996.501762][ C0] ? process_scheduled_works+0x945/0x1830 [ 996.501786][ C0] process_scheduled_works+0xa2c/0x1830 [ 996.501829][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 996.501859][ C0] ? assign_work+0x364/0x3d0 [ 996.501886][ C0] worker_thread+0x86d/0xd10 [ 996.501916][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 996.501946][ C0] ? __kthread_parkme+0x169/0x1d0 [ 996.501974][ C0] ? __pfx_worker_thread+0x10/0x10 [ 996.501998][ C0] kthread+0x2f0/0x390 [ 996.502025][ C0] ? __pfx_worker_thread+0x10/0x10 [ 996.502049][ C0] ? __pfx_kthread+0x10/0x10 [ 996.502076][ C0] ret_from_fork+0x4b/0x80 [ 996.502100][ C0] ? __pfx_kthread+0x10/0x10 [ 996.502127][ C0] ret_from_fork_asm+0x1a/0x30 [ 996.502163][ C0] [ 1003.175303][ T5229] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1003.183121][ T5229] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1003.184442][ T5229] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1003.186515][ T5229] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1003.187319][ T5229] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1003.187736][ T5229] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1008.449940][ T2523] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1008.454386][ T2523] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1008.457875][ T2523] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1008.459816][ T2523] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1008.460604][ T2523] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1008.466915][ T2523] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1009.670874][ T2530] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1009.687064][ T2530] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1009.691129][ T2530] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1009.692418][ T2530] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1009.693230][ T2530] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1009.693636][ T2530] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1031.892063][ T2540] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1031.903879][ T2540] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1031.933267][ T2540] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1031.938320][ T2540] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1031.939169][ T2540] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1031.939600][ T2540] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1033.339818][ T2545] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1033.358293][ T2545] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1033.360069][ T2545] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1033.361358][ T2545] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1033.362994][ T2545] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1033.363422][ T2545] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1034.413641][ C0] hrtimer: interrupt took 9450445 ns [ 1055.032542][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1064.490638][ T2553] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1064.495566][ T2553] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1064.497212][ T2553] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1064.499858][ T2553] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1064.500636][ T2553] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 1064.501035][ T2553] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1067.067340][ T2557] Bluetooth: hci3: command 0x0406 tx timeout [ 1070.883591][ T2564] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1070.890318][ T2564] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1070.891673][ T2564] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1070.893811][ T2564] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1070.894639][ T2564] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 1070.895074][ T2564] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1072.005849][ T2571] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 1072.011282][ T2571] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 1072.018096][ T2571] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 1072.027515][ T2571] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 1072.030048][ T2571] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 1072.030502][ T2571] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 1072.183052][ T2571] Bluetooth: hci1: command 0x0406 tx timeout [ 1072.259593][ T2571] Bluetooth: hci7: command 0x0406 tx timeout [ 1080.363679][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 11017 jiffies s: 53617 root: 0x1/. [ 1080.363743][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 1080.363763][ T19] Sending NMI from CPU 1 to CPUs 0: [ 1080.363800][ C0] NMI backtrace for cpu 0 [ 1080.363817][ C0] CPU: 0 UID: 0 PID: 26681 Comm: kworker/0:4 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1080.363840][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1080.363852][ C0] Workqueue: events request_firmware_work_func [ 1080.363881][ C0] RIP: 0010:unwind_next_frame+0x50b/0x2a00 [ 1080.363912][ C0] Code: 49 8d 5c 45 00 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 75 34 48 63 2b 48 01 dd 48 89 ef 4c 89 f6 60 62 52 00 48 8d 43 04 4c 39 f5 4c 0f 46 e8 48 8d 43 fc 4c 0f [ 1080.363928][ C0] RSP: 0018:ffffc90000006888 EFLAGS: 00000083 [ 1080.363943][ C0] RAX: 0000000000000000 RBX: ffffffff900a4f38 RCX: dffffc0000000000 [ 1080.363957][ C0] RDX: 0000000000010100 RSI: ffffffff817f2e67 RDI: ffffffff817f2d58 [ 1080.363971][ C0] RBP: ffffffff817f2d58 R08: ffffffff81412c60 R09: ffffc90000006a50 [ 1080.363985][ C0] R10: 0000000000000003 R11: ffffffff817f2f30 R12: ffffffff900a4f38 [ 1080.363998][ C0] R13: ffffffff900a4f38 R14: ffffffff817f2e67 R15: ffffffff900a4f38 [ 1080.364011][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1080.364027][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1080.364040][ C0] CR2: 0000001b31113ff8 CR3: 000000000e534000 CR4: 00000000003526f0 [ 1080.364057][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1080.364069][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1080.364080][ C0] Call Trace: [ 1080.364087][ C0] [ 1080.364097][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1080.364123][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1080.364150][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1080.364174][ C0] ? nmi_handle+0x2a/0x5a0 [ 1080.364203][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1080.364226][ C0] ? nmi_handle+0x14f/0x5a0 [ 1080.364243][ C0] ? nmi_handle+0x2a/0x5a0 [ 1080.364262][ C0] ? unwind_next_frame+0x50b/0x2a00 [ 1080.364288][ C0] ? unwind_next_frame+0x8e0/0x2a00 [ 1080.364313][ C0] ? default_do_nmi+0x63/0x160 [ 1080.364338][ C0] ? exc_nmi+0x123/0x1f0 [ 1080.364362][ C0] ? end_repeat_nmi+0xf/0x53 [ 1080.364385][ C0] ? stack_trace_save+0x117/0x1d0 [ 1080.364407][ C0] ? stack_trace_save+0x8/0x1d0 [ 1080.364428][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1080.364451][ C0] ? unwind_next_frame+0x510/0x2a00 [ 1080.364478][ C0] ? stack_trace_save+0x117/0x1d0 [ 1080.364498][ C0] ? stack_trace_save+0x8/0x1d0 [ 1080.364519][ C0] ? unwind_next_frame+0x50b/0x2a00 [ 1080.364548][ C0] ? unwind_next_frame+0x50b/0x2a00 [ 1080.364577][ C0] ? unwind_next_frame+0x50b/0x2a00 [ 1080.364604][ C0] [ 1080.364611][ C0] [ 1080.364621][ C0] ? stack_trace_save+0x117/0x1d0 [ 1080.364644][ C0] ? __unwind_start+0x6af/0x7c0 [ 1080.364668][ C0] ? stack_trace_save+0x118/0x1d0 [ 1080.364689][ C0] ? stack_trace_save+0x118/0x1d0 [ 1080.364711][ C0] ? __kernel_text_address+0xd/0x40 [ 1080.364730][ C0] ? stack_trace_save+0x118/0x1d0 [ 1080.364751][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1080.364774][ C0] arch_stack_walk+0x151/0x1b0 [ 1080.364803][ C0] ? stack_trace_save+0x118/0x1d0 [ 1080.364828][ C0] stack_trace_save+0x118/0x1d0 [ 1080.364852][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1080.364878][ C0] ? debug_check_no_obj_freed+0x561/0x580 [ 1080.364899][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 1080.364919][ C0] ? __pfx_lock_release+0x10/0x10 [ 1080.364945][ C0] kasan_save_track+0x3f/0x80 [ 1080.365000][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1080.365020][ C0] kasan_save_free_info+0x40/0x50 [ 1080.365046][ C0] poison_slab_object+0xe0/0x150 [ 1080.365068][ C0] __kasan_slab_free+0x37/0x60 [ 1080.365087][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1080.365107][ C0] kfree+0x149/0x360 [ 1080.365132][ C0] dummy_timer+0x7ce/0x45a0 [ 1080.365159][ C0] ? __pfx_lock_release+0x10/0x10 [ 1080.365197][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1080.365225][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 1080.365245][ C0] ? __pfx_lock_release+0x10/0x10 [ 1080.365274][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1080.365302][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1080.365327][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1080.365348][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 1080.365381][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1080.365403][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 1080.365433][ C0] hrtimer_interrupt+0x396/0x990 [ 1080.365468][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1080.365498][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 1080.365527][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1080.365551][ C0] RIP: 0010:unwind_get_return_address+0x0/0xc0 [ 1080.365579][ C0] Code: b6 00 48 8d 7c 24 40 8b 74 24 14 e9 dd fe ff ff e8 f5 e3 6f 0a 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 41 57 41 56 53 48 89 fb 49 be 00 00 00 00 00 fc ff [ 1080.365594][ C0] RSP: 0018:ffffc90000007438 EFLAGS: 00000246 [ 1080.365609][ C0] RAX: ffffffff81378a4f RBX: ffffffff81f77b66 RCX: ffff88802dda3c00 [ 1080.365623][ C0] RDX: 0000000000000100 RSI: 0000000000000101 RDI: ffffc90000007440 [ 1080.365636][ C0] RBP: ffffc900000074d0 R08: ffffffff814145c5 R09: ffffffff814140bf [ 1080.365650][ C0] R10: 0000000000000003 R11: ffff88802dda3c00 R12: ffff88802dda3c00 [ 1080.365663][ C0] R13: ffffffff817f2f30 R14: ffffc90000007520 R15: ffffc90000007440 [ 1080.365678][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1080.365702][ C0] ? __kasan_slab_alloc+0x66/0x80 [ 1080.365722][ C0] ? unwind_next_frame+0x196f/0x2a00 [ 1080.365748][ C0] ? unwind_next_frame+0x1e75/0x2a00 [ 1080.365773][ C0] ? arch_stack_walk+0x15f/0x1b0 [ 1080.365801][ C0] arch_stack_walk+0x125/0x1b0 [ 1080.365823][ C0] ? kmem_cache_alloc_noprof+0x135/0x2a0 [ 1080.365851][ C0] stack_trace_save+0x118/0x1d0 [ 1080.365876][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1080.365901][ C0] ? stack_trace_save+0x118/0x1d0 [ 1080.365927][ C0] kasan_save_track+0x3f/0x80 [ 1080.365945][ C0] ? kasan_save_track+0x3f/0x80 [ 1080.365962][ C0] ? __kasan_slab_alloc+0x66/0x80 [ 1080.366017][ C0] __kasan_slab_alloc+0x66/0x80 [ 1080.366038][ C0] ? dst_alloc+0x12b/0x190 [ 1080.366058][ C0] kmem_cache_alloc_noprof+0x135/0x2a0 [ 1080.366084][ C0] ? __pfx_ip6_dst_gc+0x10/0x10 [ 1080.366107][ C0] dst_alloc+0x12b/0x190 [ 1080.366131][ C0] icmp6_dst_alloc+0x77/0x420 [ 1080.366157][ C0] ? icmpv6_flow_init+0x63/0x120 [ 1080.366181][ C0] ndisc_send_skb+0x32a/0x1380 [ 1080.366204][ C0] ? __alloc_skb+0x28f/0x440 [ 1080.366230][ C0] ? __pfx_ndisc_send_skb+0x10/0x10 [ 1080.366249][ C0] ? ipv6_get_ifaddr+0x107/0x770 [ 1080.366274][ C0] ? skb_set_owner_w+0x238/0x3e0 [ 1080.366305][ C0] ? ndisc_send_rs+0x536/0x6c0 [ 1080.366332][ C0] addrconf_rs_timer+0x371/0x670 [ 1080.366358][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366382][ C0] ? call_timer_fn+0xa8/0x650 [ 1080.366418][ C0] call_timer_fn+0x18e/0x650 [ 1080.366449][ C0] ? call_timer_fn+0xc0/0x650 [ 1080.366477][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366517][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1080.366547][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366568][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366588][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366606][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1080.366632][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1080.366649][ C0] ? __pfx_addrconf_rs_timer+0x10/0x10 [ 1080.366669][ C0] __run_timer_base+0x66a/0x8e0 [ 1080.366703][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1080.366732][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1080.366763][ C0] run_timer_softirq+0xb7/0x170 [ 1080.366795][ C0] handle_softirqs+0x2c4/0x970 [ 1080.366822][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 1080.366849][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1080.366875][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 1080.366905][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 1080.366928][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1080.366958][ C0] irq_exit_rcu+0x9/0x30 [ 1080.366978][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1080.367007][ C0] [ 1080.367014][ C0] [ 1080.367021][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1080.367044][ C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x7d/0x90 [ 1080.367070][ C0] Code: c1 e1 05 48 8d 41 28 4c 39 c8 77 1e 49 ff c2 4c 89 12 48 c7 44 11 08 06 00 00 00 48 89 7c 11 10 48 89 74 11 18 4c 89 44 11 20 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 [ 1080.367086][ C0] RSP: 0018:ffffc9000914ec18 EFLAGS: 00000293 [ 1080.367101][ C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88802dda3c00 [ 1080.367114][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000007ffffff9 [ 1080.367125][ C0] RBP: ffffc9000914ed10 R08: ffffffff8baa3069 R09: ffffffff8baa28c4 [ 1080.367139][ C0] R10: 0000000000000012 R11: ffff88802dda3c00 R12: ffffffff8beb9ac6 [ 1080.367152][ C0] R13: 000000007ffffff9 R14: ffffc9000914ef66 R15: ffffffff8beb9ac5 [ 1080.367171][ C0] ? vsnprintf+0x184/0x1da0 [ 1080.367192][ C0] ? vsnprintf+0x929/0x1da0 [ 1080.367219][ C0] vsnprintf+0x929/0x1da0 [ 1080.367248][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 1080.367278][ C0] sprintf+0xda/0x120 [ 1080.367305][ C0] ? __pfx_sprintf+0x10/0x10 [ 1080.367330][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 1080.367357][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 1080.367377][ C0] ? __pfx_lock_release+0x10/0x10 [ 1080.367405][ C0] info_print_prefix+0x16b/0x310 [ 1080.367430][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 1080.367461][ C0] printk_get_next_message+0x6da/0xbe0 [ 1080.367488][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 1080.367512][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1080.367539][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1080.367580][ C0] ? console_flush_all+0x3a8/0xfd0 [ 1080.367605][ C0] console_flush_all+0x410/0xfd0 [ 1080.367629][ C0] ? console_flush_all+0x152/0xfd0 [ 1080.367656][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 1080.367680][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1080.367707][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1080.367737][ C0] console_unlock+0x13b/0x4d0 [ 1080.367760][ C0] ? __pfx_console_unlock+0x10/0x10 [ 1080.367777][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 1080.367804][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 1080.367821][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 1080.367852][ C0] vprintk_emit+0x5dc/0x7c0 [ 1080.367873][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 1080.367892][ C0] ? __pfx_snprintf+0x10/0x10 [ 1080.367919][ C0] ? read_word_at_a_time+0xe/0x20 [ 1080.367938][ C0] ? sized_strscpy+0x8d/0x220 [ 1080.367960][ C0] dev_vprintk_emit+0x2ae/0x330 [ 1080.367979][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 1080.368019][ C0] dev_printk_emit+0xdd/0x120 [ 1080.368039][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1080.368063][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 1080.368091][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 1080.368110][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1080.368129][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1080.368155][ C0] ? __dev_printk+0x137/0x1a0 [ 1080.368177][ C0] _dev_err+0x122/0x170 [ 1080.368195][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 1080.368226][ C0] ? __pfx__dev_err+0x10/0x10 [ 1080.368243][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 1080.368265][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 1080.368285][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 1080.368316][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 1080.368347][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 1080.368383][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1080.368402][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 1080.368429][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 1080.368455][ C0] ? usb_free_urb+0x9f/0x120 [ 1080.368473][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 1080.368498][ C0] ath9k_htc_hw_init+0x34/0x80 [ 1080.368518][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 1080.368542][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 1080.368562][ C0] request_firmware_work_func+0x1a4/0x280 [ 1080.368590][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 1080.368619][ C0] ? process_scheduled_works+0x945/0x1830 [ 1080.368643][ C0] process_scheduled_works+0xa2c/0x1830 [ 1080.368686][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1080.368716][ C0] ? assign_work+0x364/0x3d0 [ 1080.368743][ C0] worker_thread+0x86d/0xd10 [ 1080.368773][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1080.368808][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1080.368836][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1080.368861][ C0] kthread+0x2f0/0x390 [ 1080.368887][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1080.368911][ C0] ? __pfx_kthread+0x10/0x10 [ 1080.368938][ C0] ret_from_fork+0x4b/0x80 [ 1080.368963][ C0] ? __pfx_kthread+0x10/0x10 [ 1080.368989][ C0] ret_from_fork_asm+0x1a/0x30 [ 1080.369025][ C0] [ 1084.740199][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 1084.740237][ C0] rcu: 0-....: (6331 ticks this GP) idle=d0dc/1/0x4000000000000000 softirq=97740/97741 fqs=4863 [ 1084.741483][ C0] rcu: hardirqs softirqs csw/system [ 1084.741500][ C0] rcu: number: 77 6 0 [ 1084.741519][ C0] rcu: cputime: 51477 994 3775 ==> 52480(ms) [ 1084.741548][ C0] rcu: (t=10500 jiffies g=154501 q=1832 ncpus=2) [ 1084.741573][ C0] CPU: 0 UID: 0 PID: 26681 Comm: kworker/0:4 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1084.741602][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1084.741619][ C0] Workqueue: events request_firmware_work_func [ 1084.741659][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x90 [ 1084.741697][ C0] Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 c0 d6 03 00 65 8b 05 70 45 [ 1084.741719][ C0] RSP: 0018:ffffc90000007a98 EFLAGS: 00000287 [ 1084.741741][ C0] RAX: 0000000000000100 RBX: 000000a7c5ac471b RCX: ffff88802dda3c00 [ 1084.741760][ C0] RDX: ffff88802dda3c00 RSI: 0000000000000000 RDI: 000000a7c5ac471b [ 1084.741778][ C0] RBP: 0019999999999998 R08: ffffffff89b5bdbf R09: fffff52000000f58 [ 1084.741797][ C0] R10: dffffc0000000000 R11: fffff52000000f58 R12: 0000000225c17d04 [ 1084.741816][ C0] R13: 0000000000000000 R14: 00000015798ee228 R15: 1ffff11005a42c63 [ 1084.741834][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1084.741855][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1084.741872][ C0] CR2: 0000001b31113ff8 CR3: 000000000e534000 CR4: 00000000003526f0 [ 1084.741893][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1084.741909][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1084.741926][ C0] Call Trace: [ 1084.741936][ C0] [ 1084.741950][ C0] ? rcu_dump_cpu_stacks+0x28a/0x440 [ 1084.741992][ C0] ? print_cpu_stall+0x2e0/0x5a0 [ 1084.742026][ C0] ? rcu_sched_clock_irq+0xa1d/0x10d0 [ 1084.742074][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 1084.742110][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 1084.742144][ C0] ? update_process_times+0x1ce/0x230 [ 1084.742189][ C0] ? tick_nohz_handler+0x37c/0x500 [ 1084.742222][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 1084.742251][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 1084.742301][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1084.742333][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 1084.742374][ C0] ? hrtimer_interrupt+0x396/0x990 [ 1084.742429][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1084.742469][ C0] ? sysvec_apic_timer_interrupt+0x52/0xc0 [ 1084.742506][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1084.742546][ C0] ? pie_calculate_probability+0x25f/0x820 [ 1084.742585][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 1084.742623][ C0] pie_calculate_probability+0x279/0x820 [ 1084.742674][ C0] fq_pie_timer+0x26d/0x590 [ 1084.742706][ C0] ? fq_pie_timer+0x4d/0x590 [ 1084.742751][ C0] call_timer_fn+0x18e/0x650 [ 1084.742787][ C0] ? call_timer_fn+0xc0/0x650 [ 1084.742819][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1084.742853][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1084.742892][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1084.742928][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1084.742962][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1084.742994][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1084.743027][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1084.743051][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 1084.743087][ C0] __run_timer_base+0x66a/0x8e0 [ 1084.743136][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1084.743183][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1084.743227][ C0] run_timer_softirq+0xb7/0x170 [ 1084.743260][ C0] handle_softirqs+0x2c4/0x970 [ 1084.743297][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 1084.743334][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1084.743370][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 1084.743408][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 1084.743439][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1084.743481][ C0] irq_exit_rcu+0x9/0x30 [ 1084.743509][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1084.743545][ C0] [ 1084.743555][ C0] [ 1084.743567][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1084.743597][ C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x7d/0x90 [ 1084.743629][ C0] Code: c1 e1 05 48 8d 41 28 4c 39 c8 77 1e 49 ff c2 4c 89 12 48 c7 44 11 08 06 00 00 00 48 89 7c 11 10 48 89 74 11 18 4c 89 44 11 20 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 [ 1084.743649][ C0] RSP: 0018:ffffc9000914ec18 EFLAGS: 00000293 [ 1084.743671][ C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffff88802dda3c00 [ 1084.743689][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000007ffffff9 [ 1084.743705][ C0] RBP: ffffc9000914ed10 R08: ffffffff8baa3069 R09: ffffffff8baa28c4 [ 1084.743724][ C0] R10: 0000000000000012 R11: ffff88802dda3c00 R12: ffffffff8beb9ac6 [ 1084.743741][ C0] R13: 000000007ffffff9 R14: ffffc9000914ef66 R15: ffffffff8beb9ac5 [ 1084.743768][ C0] ? vsnprintf+0x184/0x1da0 [ 1084.743796][ C0] ? vsnprintf+0x929/0x1da0 [ 1084.743834][ C0] vsnprintf+0x929/0x1da0 [ 1084.743875][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 1084.743919][ C0] sprintf+0xda/0x120 [ 1084.743956][ C0] ? __pfx_sprintf+0x10/0x10 [ 1084.743990][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 1084.744025][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 1084.744052][ C0] ? __pfx_lock_release+0x10/0x10 [ 1084.744090][ C0] info_print_prefix+0x16b/0x310 [ 1084.744124][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 1084.744174][ C0] printk_get_next_message+0x6da/0xbe0 [ 1084.744214][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 1084.744248][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1084.744284][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1084.744344][ C0] ? console_flush_all+0x3a8/0xfd0 [ 1084.744378][ C0] console_flush_all+0x410/0xfd0 [ 1084.744412][ C0] ? console_flush_all+0x152/0xfd0 [ 1084.744453][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 1084.744485][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1084.744522][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1084.744564][ C0] console_unlock+0x13b/0x4d0 [ 1084.744597][ C0] ? __pfx_console_unlock+0x10/0x10 [ 1084.744620][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 1084.744644][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 1084.744667][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 1084.744713][ C0] vprintk_emit+0x5dc/0x7c0 [ 1084.744741][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 1084.744767][ C0] ? __pfx_snprintf+0x10/0x10 [ 1084.744805][ C0] ? read_word_at_a_time+0xe/0x20 [ 1084.744830][ C0] ? sized_strscpy+0x8d/0x220 [ 1084.744861][ C0] dev_vprintk_emit+0x2ae/0x330 [ 1084.744888][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 1084.744946][ C0] dev_printk_emit+0xdd/0x120 [ 1084.744973][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1084.745004][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 1084.745042][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 1084.745069][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1084.745095][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1084.745129][ C0] ? __dev_printk+0x137/0x1a0 [ 1084.745165][ C0] _dev_err+0x122/0x170 [ 1084.745191][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 1084.745230][ C0] ? __pfx__dev_err+0x10/0x10 [ 1084.745254][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 1084.745285][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 1084.745313][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 1084.745354][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 1084.745396][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 1084.745448][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1084.745474][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 1084.745509][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 1084.745546][ C0] ? usb_free_urb+0x9f/0x120 [ 1084.745572][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 1084.745608][ C0] ath9k_htc_hw_init+0x34/0x80 [ 1084.745636][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 1084.745670][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 1084.745696][ C0] request_firmware_work_func+0x1a4/0x280 [ 1084.745735][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 1084.745778][ C0] ? process_scheduled_works+0x945/0x1830 [ 1084.745808][ C0] process_scheduled_works+0xa2c/0x1830 [ 1084.745874][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1084.745917][ C0] ? assign_work+0x364/0x3d0 [ 1084.745955][ C0] worker_thread+0x86d/0xd10 [ 1084.745998][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1084.746039][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1084.746097][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1084.746129][ C0] kthread+0x2f0/0x390 [ 1084.746169][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1084.746200][ C0] ? __pfx_kthread+0x10/0x10 [ 1084.746237][ C0] ret_from_fork+0x4b/0x80 [ 1084.746269][ C0] ? __pfx_kthread+0x10/0x10 [ 1084.746304][ C0] ret_from_fork_asm+0x1a/0x30 [ 1084.746351][ C0] [ 1092.061987][ T2577] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 1092.068777][ T2577] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 1092.070082][ T2577] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 1092.071345][ T2577] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 1092.072176][ T2577] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 1092.072588][ T2577] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 1093.229944][ T2583] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 1093.258855][ T2583] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 1093.263174][ T2583] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 1093.266057][ T2583] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 1093.266989][ T2583] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 1093.267425][ T2583] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 1097.788199][ T2588] Bluetooth: hci2: command 0x0406 tx timeout [ 1116.446258][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 1120.017045][ T30] INFO: task kworker/u8:0:11 blocked for more than 143 seconds. [ 1120.017110][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.017128][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.017141][ T30] task:kworker/u8:0 state:D stack:19984 pid:11 tgid:11 ppid:2 flags:0x00004000 [ 1120.017187][ T30] Workqueue: events_unbound linkwatch_event [ 1120.017224][ T30] Call Trace: [ 1120.017235][ T30] [ 1120.017253][ T30] __schedule+0x17ae/0x4a10 [ 1120.017319][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.017361][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.017398][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.017437][ T30] ? kthread_data+0x52/0xd0 [ 1120.017470][ T30] ? schedule+0x90/0x320 [ 1120.017504][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1120.017542][ T30] ? schedule+0x90/0x320 [ 1120.017577][ T30] schedule+0x14b/0x320 [ 1120.017617][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.017653][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.017685][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.017715][ T30] ? linkwatch_event+0xe/0x60 [ 1120.017745][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.017790][ T30] ? process_scheduled_works+0x945/0x1830 [ 1120.017822][ T30] linkwatch_event+0xe/0x60 [ 1120.017849][ T30] process_scheduled_works+0xa2c/0x1830 [ 1120.017918][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1120.017963][ T30] ? assign_work+0x364/0x3d0 [ 1120.018003][ T30] worker_thread+0x86d/0xd10 [ 1120.018055][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1120.018095][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.018129][ T30] kthread+0x2f0/0x390 [ 1120.018165][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.018198][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.018237][ T30] ret_from_fork+0x4b/0x80 [ 1120.018270][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.018308][ T30] ret_from_fork_asm+0x1a/0x30 [ 1120.018363][ T30] [ 1120.018389][ T30] INFO: task kworker/u9:0:55 blocked for more than 143 seconds. [ 1120.018414][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.018430][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.018442][ T30] task:kworker/u9:0 state:D stack:24664 pid:55 tgid:55 ppid:2 flags:0x00004000 [ 1120.018487][ T30] Workqueue: hci8 hci_rx_work [ 1120.018519][ T30] Call Trace: [ 1120.018529][ T30] [ 1120.018546][ T30] __schedule+0x17ae/0x4a10 [ 1120.018612][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.018653][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.018689][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.018718][ T30] ? kthread_data+0x52/0xd0 [ 1120.018750][ T30] ? schedule+0x90/0x320 [ 1120.018785][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1120.018822][ T30] ? schedule+0x90/0x320 [ 1120.018857][ T30] schedule+0x14b/0x320 [ 1120.018896][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.018932][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.018965][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.018994][ T30] ? hci_remote_features_evt+0x4c3/0xaf0 [ 1120.019030][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.019063][ T30] ? skb_queue_tail+0x36/0x120 [ 1120.019096][ T30] ? hci_send_cmd+0xb6/0x180 [ 1120.019134][ T30] hci_remote_features_evt+0x4c3/0xaf0 [ 1120.019176][ T30] ? __pfx_hci_remote_features_evt+0x10/0x10 [ 1120.019215][ T30] ? skb_pull_data+0x112/0x230 [ 1120.019260][ T30] hci_event_packet+0xac2/0x1540 [ 1120.019297][ T30] ? __pfx_hci_remote_features_evt+0x10/0x10 [ 1120.019339][ T30] ? __pfx_hci_event_packet+0x10/0x10 [ 1120.019368][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1120.019413][ T30] ? hci_send_to_monitor+0xd8/0x7f0 [ 1120.019452][ T30] ? kcov_remote_start+0x97/0x7d0 [ 1120.019491][ T30] hci_rx_work+0x3e8/0xca0 [ 1120.019534][ T30] ? process_scheduled_works+0x945/0x1830 [ 1120.019566][ T30] process_scheduled_works+0xa2c/0x1830 [ 1120.019634][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1120.019679][ T30] ? assign_work+0x364/0x3d0 [ 1120.019719][ T30] worker_thread+0x86d/0xd10 [ 1120.019771][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1120.019811][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.019845][ T30] kthread+0x2f0/0x390 [ 1120.019880][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.019913][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.019951][ T30] ret_from_fork+0x4b/0x80 [ 1120.019984][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.020021][ T30] ret_from_fork_asm+0x1a/0x30 [ 1120.020075][ T30] [ 1120.020162][ T30] INFO: task kworker/1:6:5333 blocked for more than 143 seconds. [ 1120.020180][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.020196][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.020208][ T30] task:kworker/1:6 state:D stack:21360 pid:5333 tgid:5333 ppid:2 flags:0x00004000 [ 1120.020250][ T30] Workqueue: events switchdev_deferred_process_work [ 1120.020282][ T30] Call Trace: [ 1120.020293][ T30] [ 1120.020309][ T30] __schedule+0x17ae/0x4a10 [ 1120.020373][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.020419][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.020454][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.020490][ T30] ? kick_pool+0x45c/0x620 [ 1120.020531][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1120.020566][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1120.020594][ T30] ? schedule+0x90/0x320 [ 1120.020629][ T30] schedule+0x14b/0x320 [ 1120.020669][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.020706][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.020738][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.020768][ T30] ? switchdev_deferred_process_work+0xe/0x20 [ 1120.020802][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.020848][ T30] ? process_scheduled_works+0x945/0x1830 [ 1120.020880][ T30] switchdev_deferred_process_work+0xe/0x20 [ 1120.020911][ T30] process_scheduled_works+0xa2c/0x1830 [ 1120.020975][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1120.021020][ T30] ? assign_work+0x364/0x3d0 [ 1120.021059][ T30] worker_thread+0x86d/0xd10 [ 1120.021111][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1120.021151][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.021185][ T30] kthread+0x2f0/0x390 [ 1120.021222][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.021255][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.021293][ T30] ret_from_fork+0x4b/0x80 [ 1120.021326][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.021364][ T30] ret_from_fork_asm+0x1a/0x30 [ 1120.021424][ T30] [ 1120.021442][ T30] INFO: task kworker/u8:1:14350 blocked for more than 143 seconds. [ 1120.021460][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.021476][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.021488][ T30] task:kworker/u8:1 state:D stack:21008 pid:14350 tgid:14350 ppid:2 flags:0x00004000 [ 1120.021530][ T30] Workqueue: netns cleanup_net [ 1120.021559][ T30] Call Trace: [ 1120.021569][ T30] [ 1120.021586][ T30] __schedule+0x17ae/0x4a10 [ 1120.021650][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.021692][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.021724][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1120.021768][ T30] ? kthread_data+0x52/0xd0 [ 1120.021803][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1120.021840][ T30] ? schedule+0x90/0x320 [ 1120.021875][ T30] schedule+0x14b/0x320 [ 1120.021915][ T30] synchronize_rcu_expedited+0x684/0x830 [ 1120.021958][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 1120.022016][ T30] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 1120.022054][ T30] ? __pfx___might_resched+0x10/0x10 [ 1120.022084][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.022119][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1120.022154][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.022203][ T30] synchronize_rcu+0x11b/0x360 [ 1120.022240][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 1120.022294][ T30] lockdep_unregister_key+0x4b7/0x540 [ 1120.022335][ T30] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 1120.022375][ T30] ? rcu_is_watching+0x15/0xb0 [ 1120.022463][ T30] ? qdisc_reset+0x3bf/0x5b0 [ 1120.022499][ T30] __qdisc_destroy+0x165/0x410 [ 1120.022532][ T30] dev_shutdown+0x357/0x450 [ 1120.022567][ T30] unregister_netdevice_many_notify+0x97b/0x1c40 [ 1120.022624][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1120.022661][ T30] ? net_generic+0x1f/0x240 [ 1120.022699][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.022738][ T30] ? unregister_netdevice_queue+0x26b/0x370 [ 1120.022793][ T30] ? nexthop_net_exit_batch_rtnl+0x100/0x150 [ 1120.022831][ T30] cleanup_net+0x75d/0xcc0 [ 1120.022867][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 1120.022912][ T30] ? process_scheduled_works+0x945/0x1830 [ 1120.022943][ T30] process_scheduled_works+0xa2c/0x1830 [ 1120.023012][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1120.023057][ T30] ? assign_work+0x364/0x3d0 [ 1120.023097][ T30] worker_thread+0x86d/0xd10 [ 1120.023141][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1120.023184][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1120.023223][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.023258][ T30] kthread+0x2f0/0x390 [ 1120.023294][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1120.023327][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.023365][ T30] ret_from_fork+0x4b/0x80 [ 1120.023405][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.023442][ T30] ret_from_fork_asm+0x1a/0x30 [ 1120.023496][ T30] [ 1120.023520][ T30] INFO: task syz-executor:30170 blocked for more than 143 seconds. [ 1120.023539][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.023555][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.023568][ T30] task:syz-executor state:D stack:20992 pid:30170 tgid:30170 ppid:1 flags:0x00004006 [ 1120.023608][ T30] Call Trace: [ 1120.023618][ T30] [ 1120.023635][ T30] __schedule+0x17ae/0x4a10 [ 1120.023700][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.023741][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.023776][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.023817][ T30] ? schedule+0x90/0x320 [ 1120.023852][ T30] schedule+0x14b/0x320 [ 1120.023892][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.023928][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.023960][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.023990][ T30] ? synchronize_rcu_expedited+0x451/0x830 [ 1120.024031][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.024066][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1120.024107][ T30] synchronize_rcu_expedited+0x451/0x830 [ 1120.024150][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 1120.024213][ T30] ? __pfx___might_resched+0x10/0x10 [ 1120.024247][ T30] ? rcu_is_watching+0x15/0xb0 [ 1120.024298][ T30] synchronize_rcu+0x11b/0x360 [ 1120.024335][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 1120.024373][ T30] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1120.024421][ T30] hci_chan_del+0x119/0x1b0 [ 1120.024452][ T30] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1120.024491][ T30] l2cap_conn_del+0x4ed/0x690 [ 1120.024535][ T30] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1120.024574][ T30] hci_conn_hash_flush+0xff/0x240 [ 1120.024611][ T30] hci_dev_close_sync+0x9ef/0x11a0 [ 1120.024657][ T30] hci_unregister_dev+0x20b/0x510 [ 1120.024696][ T30] vhci_release+0x83/0xd0 [ 1120.024722][ T30] ? __pfx_vhci_release+0x10/0x10 [ 1120.024751][ T30] __fput+0x24a/0x8a0 [ 1120.024798][ T30] task_work_run+0x24f/0x310 [ 1120.024832][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1120.024867][ T30] ? switch_task_namespaces+0xe4/0x110 [ 1120.024903][ T30] do_exit+0xa2f/0x27f0 [ 1120.024940][ T30] ? __pfx_do_exit+0x10/0x10 [ 1120.024965][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1120.025001][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.025039][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.025072][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1120.025114][ T30] do_group_exit+0x207/0x2c0 [ 1120.025138][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1120.025173][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1120.025203][ T30] get_signal+0x16a1/0x1740 [ 1120.025252][ T30] ? __pfx_get_signal+0x10/0x10 [ 1120.025296][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1120.025334][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1120.025365][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.025426][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1120.025458][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1120.025490][ T30] do_syscall_64+0x100/0x230 [ 1120.025519][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.025554][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.025584][ T30] RIP: 0033:0x7f617d374157 [ 1120.025608][ T30] RSP: 002b:00007ffebe7002f0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 1120.025635][ T30] RAX: fffffffffffffe00 RBX: 0000000000000100 RCX: 00007f617d374157 [ 1120.025654][ T30] RDX: 0000000040000000 RSI: 00007ffebe70034c RDI: 00000000ffffffff [ 1120.025672][ T30] RBP: 00007ffebe70034c R08: 0000000000000000 R09: 7fffffffffffffff [ 1120.025691][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 00005555588915eb [ 1120.025709][ T30] R13: 0000555558891590 R14: 00000000000ea8a4 R15: 00007ffebe7003a0 [ 1120.025749][ T30] [ 1120.025766][ T30] INFO: task syz-executor:1178 blocked for more than 143 seconds. [ 1120.025785][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.025800][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.025813][ T30] task:syz-executor state:D stack:21728 pid:1178 tgid:1178 ppid:1 flags:0x00004006 [ 1120.025855][ T30] Call Trace: [ 1120.025865][ T30] [ 1120.025882][ T30] __schedule+0x17ae/0x4a10 [ 1120.025946][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.025988][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.026024][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.026065][ T30] ? schedule+0x90/0x320 [ 1120.026099][ T30] schedule+0x14b/0x320 [ 1120.026139][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.026175][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.026207][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.026237][ T30] ? register_netdevice_notifier_net+0x1a/0xa0 [ 1120.026268][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.026311][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1120.046615][ T30] ? __raw_spin_lock_init+0x45/0x100 [ 1120.046671][ T30] register_netdevice_notifier_net+0x1a/0xa0 [ 1120.046706][ T30] nsim_dev_hwstats_init+0xc8/0x3d0 [ 1120.046748][ T30] nsim_drv_probe+0x817/0xb80 [ 1120.046796][ T30] ? __pfx_nsim_drv_probe+0x10/0x10 [ 1120.046836][ T30] ? kernfs_create_link+0x187/0x1f0 [ 1120.046867][ T30] ? sysfs_do_create_link_sd+0xdd/0x110 [ 1120.046902][ T30] ? driver_sysfs_add+0x1de/0x1f0 [ 1120.046927][ T30] ? really_probe+0x147/0xad0 [ 1120.046958][ T30] ? __pfx_nsim_bus_probe+0x10/0x10 [ 1120.046987][ T30] really_probe+0x2b8/0xad0 [ 1120.047026][ T30] __driver_probe_device+0x1a2/0x390 [ 1120.047060][ T30] driver_probe_device+0x50/0x430 [ 1120.047094][ T30] __device_attach_driver+0x2d6/0x530 [ 1120.047128][ T30] bus_for_each_drv+0x24e/0x2e0 [ 1120.047163][ T30] ? __pfx___device_attach_driver+0x10/0x10 [ 1120.047193][ T30] ? __pfx_bus_for_each_drv+0x10/0x10 [ 1120.047232][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1120.047272][ T30] __device_attach+0x333/0x520 [ 1120.047307][ T30] ? __pfx___device_attach+0x10/0x10 [ 1120.047347][ T30] bus_probe_device+0x189/0x260 [ 1120.047387][ T30] device_add+0x856/0xbf0 [ 1120.047426][ T30] new_device_store+0x3f3/0x890 [ 1120.047458][ T30] ? kernfs_fop_write_iter+0x1eb/0x500 [ 1120.047490][ T30] ? __pfx_new_device_store+0x10/0x10 [ 1120.047530][ T30] ? sysfs_kf_write+0x182/0x2a0 [ 1120.047558][ T30] ? bus_attr_store+0x4f/0xa0 [ 1120.047596][ T30] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1120.047624][ T30] kernfs_fop_write_iter+0x3a1/0x500 [ 1120.047659][ T30] vfs_write+0xa72/0xc90 [ 1120.047700][ T30] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1120.047730][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1120.047777][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.047824][ T30] ksys_write+0x1a0/0x2c0 [ 1120.047866][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1120.047902][ T30] ? do_syscall_64+0x100/0x230 [ 1120.047935][ T30] ? do_syscall_64+0xb6/0x230 [ 1120.047967][ T30] do_syscall_64+0xf3/0x230 [ 1120.047996][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.048033][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.048064][ T30] RIP: 0033:0x7f4043b7c9df [ 1120.048087][ T30] RSP: 002b:00007ffc813bd1b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1120.048118][ T30] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f4043b7c9df [ 1120.048138][ T30] RDX: 0000000000000003 RSI: 00007ffc813bd200 RDI: 0000000000000005 [ 1120.048156][ T30] RBP: 00007f4043bf1ab9 R08: 0000000000000000 R09: 00007ffc813bd007 [ 1120.048175][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1120.048192][ T30] R13: 00007ffc813bd200 R14: 00007f4044864620 R15: 0000000000000003 [ 1120.048232][ T30] [ 1120.048247][ T30] INFO: task syz-executor:1293 blocked for more than 143 seconds. [ 1120.048267][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.048284][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.048297][ T30] task:syz-executor state:D stack:21360 pid:1293 tgid:1293 ppid:1 flags:0x00000004 [ 1120.048341][ T30] Call Trace: [ 1120.048351][ T30] [ 1120.048368][ T30] __schedule+0x17ae/0x4a10 [ 1120.048440][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.048482][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.048518][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.048560][ T30] ? schedule+0x90/0x320 [ 1120.048595][ T30] schedule+0x14b/0x320 [ 1120.048635][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.048671][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.048704][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.048734][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.048762][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.048810][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.048834][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1120.048861][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.048895][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.048940][ T30] netlink_rcv_skb+0x1e3/0x430 [ 1120.048971][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.048999][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1120.049055][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1120.049087][ T30] netlink_unicast+0x7f6/0x990 [ 1120.049135][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1120.049170][ T30] ? __virt_addr_valid+0x183/0x530 [ 1120.049200][ T30] ? __check_object_size+0x49c/0x900 [ 1120.049228][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 1120.049264][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 1120.049309][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.049334][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.049377][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1120.049410][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 1120.049449][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.049475][ T30] __sock_sendmsg+0x221/0x270 [ 1120.049505][ T30] __sys_sendto+0x3a4/0x4f0 [ 1120.049544][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1120.049607][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.049645][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.049689][ T30] __x64_sys_sendto+0xde/0x100 [ 1120.049725][ T30] do_syscall_64+0xf3/0x230 [ 1120.049753][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.049788][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.049818][ T30] RIP: 0033:0x7ff575d7fd8c [ 1120.049840][ T30] RSP: 002b:00007ffd5f740650 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1120.049868][ T30] RAX: ffffffffffffffda RBX: 00007ff576a64620 RCX: 00007ff575d7fd8c [ 1120.049887][ T30] RDX: 0000000000000064 RSI: 00007ff576a64670 RDI: 0000000000000003 [ 1120.049905][ T30] RBP: 0000000000000000 R08: 00007ffd5f7406a4 R09: 000000000000000c [ 1120.049923][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1120.049940][ T30] R13: 0000000000000000 R14: 00007ff576a64670 R15: 0000000000000000 [ 1120.049978][ T30] [ 1120.049991][ T30] INFO: task syz-executor:1341 blocked for more than 143 seconds. [ 1120.050009][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.050026][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.050038][ T30] task:syz-executor state:D stack:21696 pid:1341 tgid:1341 ppid:1 flags:0x00000004 [ 1120.050080][ T30] Call Trace: [ 1120.050091][ T30] [ 1120.050107][ T30] __schedule+0x17ae/0x4a10 [ 1120.050173][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.050214][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.050250][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.050291][ T30] ? schedule+0x90/0x320 [ 1120.050326][ T30] schedule+0x14b/0x320 [ 1120.050365][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.050402][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.050440][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.050471][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.050498][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.050546][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.050570][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1120.050598][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.050635][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.050682][ T30] netlink_rcv_skb+0x1e3/0x430 [ 1120.050710][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.050739][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1120.050795][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1120.050827][ T30] netlink_unicast+0x7f6/0x990 [ 1120.050875][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1120.050910][ T30] ? __virt_addr_valid+0x183/0x530 [ 1120.050939][ T30] ? __check_object_size+0x49c/0x900 [ 1120.050967][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 1120.051002][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 1120.051046][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.051073][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.051116][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1120.051148][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 1120.051180][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.051205][ T30] __sock_sendmsg+0x221/0x270 [ 1120.051236][ T30] __sys_sendto+0x3a4/0x4f0 [ 1120.051273][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1120.051336][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.051375][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.051424][ T30] __x64_sys_sendto+0xde/0x100 [ 1120.051460][ T30] do_syscall_64+0xf3/0x230 [ 1120.051489][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.051523][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.051554][ T30] RIP: 0033:0x7f8310b7fd8c [ 1120.051575][ T30] RSP: 002b:00007ffecc140610 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1120.051602][ T30] RAX: ffffffffffffffda RBX: 00007f8311864620 RCX: 00007f8310b7fd8c [ 1120.051622][ T30] RDX: 0000000000000054 RSI: 00007f8311864670 RDI: 0000000000000003 [ 1120.051639][ T30] RBP: 0000000000000000 R08: 00007ffecc140664 R09: 000000000000000c [ 1120.051657][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1120.051674][ T30] R13: 0000000000000000 R14: 00007f8311864670 R15: 0000000000000000 [ 1120.051712][ T30] [ 1120.051731][ T30] INFO: task syz.1.8968:2478 blocked for more than 143 seconds. [ 1120.051749][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.051765][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.051777][ T30] task:syz.1.8968 state:D stack:24672 pid:2478 tgid:2478 ppid:16434 flags:0x00004004 [ 1120.051820][ T30] Call Trace: [ 1120.051831][ T30] [ 1120.051847][ T30] __schedule+0x17ae/0x4a10 [ 1120.051913][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.051955][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.052008][ T30] ? schedule+0x90/0x320 [ 1120.052043][ T30] schedule+0x14b/0x320 [ 1120.052083][ T30] schedule_timeout+0xb0/0x310 [ 1120.052117][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1120.052149][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.052195][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.052221][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.052244][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1120.052279][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1120.052305][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.052332][ T30] wait_for_completion+0x355/0x620 [ 1120.052377][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 1120.052413][ T30] ? __init_swait_queue_head+0xae/0x150 [ 1120.052458][ T30] __synchronize_srcu+0x357/0x400 [ 1120.052496][ T30] ? __pfx___synchronize_srcu+0x10/0x10 [ 1120.052529][ T30] ? __pfx_wakeme_after_rcu+0x10/0x10 [ 1120.052575][ T30] ? ktime_get_mono_fast_ns+0x303/0x320 [ 1120.052613][ T30] ? synchronize_srcu+0x2c3/0x2e0 [ 1120.052649][ T30] mmu_notifier_unregister+0x2ca/0x3c0 [ 1120.052679][ T30] ? mmu_notifier_unregister+0xab/0x3c0 [ 1120.052712][ T30] kvm_put_kvm+0xca1/0x1300 [ 1120.052751][ T30] kvm_vm_release+0x46/0x50 [ 1120.052777][ T30] ? __pfx_kvm_vm_release+0x10/0x10 [ 1120.052802][ T30] __fput+0x24a/0x8a0 [ 1120.052848][ T30] task_work_run+0x24f/0x310 [ 1120.052884][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1120.052916][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1120.052948][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 1120.052981][ T30] do_syscall_64+0x100/0x230 [ 1120.053009][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.053045][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.053075][ T30] RIP: 0033:0x7f7d6d57def9 [ 1120.053096][ T30] RSP: 002b:00007ffc458d8548 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1120.053123][ T30] RAX: 0000000000000000 RBX: 00007f7d6d737a80 RCX: 00007f7d6d57def9 [ 1120.053141][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1120.053158][ T30] RBP: 00007f7d6d737a80 R08: 00007f7d6d722000 R09: 00007ffc458d883f [ 1120.053178][ T30] R10: 00000000005fc2cc R11: 0000000000000246 R12: 00000000000ea751 [ 1120.053196][ T30] R13: 00007ffc458d8650 R14: 0000000000000032 R15: ffffffffffffffff [ 1120.053236][ T30] [ 1120.053249][ T30] INFO: task syz.0.8971:2493 blocked for more than 143 seconds. [ 1120.053266][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.053282][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.053294][ T30] task:syz.0.8971 state:D stack:25952 pid:2493 tgid:2492 ppid:30170 flags:0x00004004 [ 1120.053338][ T30] Call Trace: [ 1120.053348][ T30] [ 1120.053365][ T30] __schedule+0x17ae/0x4a10 [ 1120.053434][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.053477][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.053530][ T30] ? schedule+0x90/0x320 [ 1120.053565][ T30] schedule+0x14b/0x320 [ 1120.053604][ T30] schedule_timeout+0xb0/0x310 [ 1120.053638][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1120.053670][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.053716][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.053742][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.053766][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1120.053801][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1120.053826][ T30] ? wait_for_completion+0x2fe/0x620 [ 1120.053853][ T30] wait_for_completion+0x355/0x620 [ 1120.053898][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 1120.053933][ T30] ? __init_swait_queue_head+0xae/0x150 [ 1120.053971][ T30] __synchronize_srcu+0x357/0x400 [ 1120.054007][ T30] ? __pfx___synchronize_srcu+0x10/0x10 [ 1120.054039][ T30] ? __pfx_wakeme_after_rcu+0x10/0x10 [ 1120.054086][ T30] ? kvm_io_bus_register_dev+0x13f/0x570 [ 1120.054120][ T30] ? kvm_io_bus_register_dev+0x13f/0x570 [ 1120.054154][ T30] ? rcu_is_watching+0x15/0xb0 [ 1120.054188][ T30] ? kvm_io_bus_register_dev+0x13f/0x570 [ 1120.054221][ T30] ? kvm_io_bus_register_dev+0x13f/0x570 [ 1120.054255][ T30] ? trace_kmalloc+0x1f/0xd0 [ 1120.054296][ T30] kvm_io_bus_register_dev+0x41c/0x570 [ 1120.054339][ T30] ? __raw_spin_lock_init+0x45/0x100 [ 1120.054373][ T30] kvm_pic_init+0x1ad/0x2f0 [ 1120.054403][ T30] kvm_arch_vm_ioctl+0x11b7/0x17b0 [ 1120.054434][ T30] ? mark_lock+0x9a/0x350 [ 1120.054472][ T30] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1120.054497][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.054568][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1120.054603][ T30] ? is_bpf_text_address+0x26/0x2a0 [ 1120.054640][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.054676][ T30] ? deref_stack_reg+0x1c7/0x260 [ 1120.054722][ T30] ? 0xffffffffa0000958 [ 1120.054745][ T30] ? 0xffffffffa0000958 [ 1120.054768][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 1120.054801][ T30] ? is_bpf_text_address+0x26/0x2a0 [ 1120.054837][ T30] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1120.054871][ T30] ? kernel_text_address+0xa7/0xe0 [ 1120.054900][ T30] ? __kernel_text_address+0xd/0x40 [ 1120.054926][ T30] ? unwind_get_return_address+0x91/0xc0 [ 1120.054961][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.054993][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 1120.055036][ T30] ? stack_trace_save+0x118/0x1d0 [ 1120.055071][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 1120.055110][ T30] ? stack_depot_save_flags+0x29/0x830 [ 1120.055147][ T30] ? kasan_save_track+0x51/0x80 [ 1120.055173][ T30] ? kasan_save_track+0x3f/0x80 [ 1120.055197][ T30] ? kasan_save_free_info+0x40/0x50 [ 1120.055231][ T30] ? poison_slab_object+0xe0/0x150 [ 1120.055258][ T30] ? __kasan_slab_free+0x37/0x60 [ 1120.055284][ T30] ? kfree+0x149/0x360 [ 1120.055314][ T30] ? tomoyo_path_number_perm+0x68d/0x880 [ 1120.055341][ T30] ? security_file_ioctl+0x75/0xb0 [ 1120.055371][ T30] ? __se_sys_ioctl+0x47/0x170 [ 1120.055402][ T30] ? do_syscall_64+0xf3/0x230 [ 1120.055448][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.055485][ T30] ? do_vfs_ioctl+0xf0e/0x2e50 [ 1120.055532][ T30] kvm_vm_ioctl+0x84c/0xd30 [ 1120.055566][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1120.055602][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.055638][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 1120.055669][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.055715][ T30] ? kfree+0x149/0x360 [ 1120.055753][ T30] ? tomoyo_path_number_perm+0x71a/0x880 [ 1120.055790][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 1120.055820][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1120.055883][ T30] ? smack_file_ioctl+0x356/0x3a0 [ 1120.055915][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1120.055949][ T30] ? __fget_files+0x29/0x470 [ 1120.055978][ T30] ? __fget_files+0x3f6/0x470 [ 1120.056001][ T30] ? __fget_files+0x29/0x470 [ 1120.056033][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1120.056067][ T30] ? security_file_ioctl+0x87/0xb0 [ 1120.056097][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1120.056126][ T30] __se_sys_ioctl+0xfc/0x170 [ 1120.056165][ T30] do_syscall_64+0xf3/0x230 [ 1120.056194][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.056229][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.056259][ T30] RIP: 0033:0x7f617d37def9 [ 1120.056280][ T30] RSP: 002b:00007f617cdff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1120.076649][ T30] RAX: ffffffffffffffda RBX: 00007f617d535f80 RCX: 00007f617d37def9 [ 1120.076684][ T30] RDX: 0000000000000000 RSI: 000000000000ae60 RDI: 0000000000000004 [ 1120.076702][ T30] RBP: 00007f617d3f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1120.076721][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1120.076738][ T30] R13: 0000000000000000 R14: 00007f617d535f80 R15: 00007ffebe6fff88 [ 1120.076779][ T30] [ 1120.076791][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1120.076805][ T30] INFO: task syz.0.8971:2496 blocked for more than 143 seconds. [ 1120.076826][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.076842][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.076856][ T30] task:syz.0.8971 state:D stack:26864 pid:2496 tgid:2492 ppid:30170 flags:0x00000004 [ 1120.076903][ T30] Call Trace: [ 1120.076913][ T30] [ 1120.076931][ T30] __schedule+0x17ae/0x4a10 [ 1120.077001][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.077043][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.077080][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.077120][ T30] ? schedule+0x90/0x320 [ 1120.077156][ T30] schedule+0x14b/0x320 [ 1120.077196][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.077232][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.077265][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.077295][ T30] ? kvm_arch_vm_ioctl+0xd67/0x17b0 [ 1120.077323][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.077360][ T30] ? __might_fault+0xc6/0x120 [ 1120.077398][ T30] kvm_arch_vm_ioctl+0xd67/0x17b0 [ 1120.077429][ T30] ? mark_lock+0x9a/0x350 [ 1120.077467][ T30] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1120.077493][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.077563][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1120.077598][ T30] ? is_bpf_text_address+0x26/0x2a0 [ 1120.077634][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.077670][ T30] ? deref_stack_reg+0x1c7/0x260 [ 1120.077716][ T30] ? 0xffffffffa0000958 [ 1120.077739][ T30] ? 0xffffffffa0000958 [ 1120.077763][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 1120.077795][ T30] ? is_bpf_text_address+0x26/0x2a0 [ 1120.077831][ T30] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1120.077864][ T30] ? kernel_text_address+0xa7/0xe0 [ 1120.077894][ T30] ? __kernel_text_address+0xd/0x40 [ 1120.077920][ T30] ? unwind_get_return_address+0x91/0xc0 [ 1120.077955][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.077989][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 1120.078032][ T30] ? stack_trace_save+0x118/0x1d0 [ 1120.078066][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 1120.078105][ T30] ? stack_depot_save_flags+0x29/0x830 [ 1120.078142][ T30] ? kasan_save_track+0x51/0x80 [ 1120.078167][ T30] ? kasan_save_track+0x3f/0x80 [ 1120.078192][ T30] ? kasan_save_free_info+0x40/0x50 [ 1120.078226][ T30] ? poison_slab_object+0xe0/0x150 [ 1120.078253][ T30] ? __kasan_slab_free+0x37/0x60 [ 1120.078278][ T30] ? kfree+0x149/0x360 [ 1120.078307][ T30] ? tomoyo_path_number_perm+0x68d/0x880 [ 1120.078335][ T30] ? security_file_ioctl+0x75/0xb0 [ 1120.078366][ T30] ? __se_sys_ioctl+0x47/0x170 [ 1120.078397][ T30] ? do_syscall_64+0xf3/0x230 [ 1120.078429][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.078465][ T30] ? do_vfs_ioctl+0xf0e/0x2e50 [ 1120.078512][ T30] kvm_vm_ioctl+0x84c/0xd30 [ 1120.078546][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1120.078580][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.078616][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 1120.078645][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.078692][ T30] ? kfree+0x149/0x360 [ 1120.078729][ T30] ? tomoyo_path_number_perm+0x71a/0x880 [ 1120.078766][ T30] ? tomoyo_path_number_perm+0x208/0x880 [ 1120.078797][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1120.078860][ T30] ? smack_file_ioctl+0x356/0x3a0 [ 1120.078891][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1120.078926][ T30] ? __fget_files+0x29/0x470 [ 1120.078953][ T30] ? __fget_files+0x3f6/0x470 [ 1120.078977][ T30] ? __fget_files+0x29/0x470 [ 1120.079009][ T30] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1120.079044][ T30] ? security_file_ioctl+0x87/0xb0 [ 1120.079074][ T30] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1120.079103][ T30] __se_sys_ioctl+0xfc/0x170 [ 1120.079142][ T30] do_syscall_64+0xf3/0x230 [ 1120.079170][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.079206][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.079235][ T30] RIP: 0033:0x7f617d37def9 [ 1120.079257][ T30] RSP: 002b:00007f617cdde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1120.079285][ T30] RAX: ffffffffffffffda RBX: 00007f617d536058 RCX: 00007f617d37def9 [ 1120.079306][ T30] RDX: 0000000020000040 RSI: 000000004040ae77 RDI: 0000000000000004 [ 1120.079323][ T30] RBP: 00007f617d3f09f6 R08: 0000000000000000 R09: 0000000000000000 [ 1120.079341][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1120.079358][ T30] R13: 0000000000000001 R14: 00007f617d536058 R15: 00007ffebe6fff88 [ 1120.079397][ T30] [ 1120.079408][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1120.079429][ T30] INFO: task syz-executor:2499 blocked for more than 143 seconds. [ 1120.079448][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.079464][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.079476][ T30] task:syz-executor state:D stack:24992 pid:2499 tgid:2499 ppid:1 flags:0x00000004 [ 1120.079519][ T30] Call Trace: [ 1120.079529][ T30] [ 1120.079546][ T30] __schedule+0x17ae/0x4a10 [ 1120.079611][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.079652][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.079689][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.079730][ T30] ? schedule+0x90/0x320 [ 1120.079765][ T30] schedule+0x14b/0x320 [ 1120.079805][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.079842][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.079874][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.079904][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.079933][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.079981][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.080006][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1120.080033][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.080069][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.080117][ T30] netlink_rcv_skb+0x1e3/0x430 [ 1120.080147][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.080176][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1120.080232][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1120.080264][ T30] netlink_unicast+0x7f6/0x990 [ 1120.080313][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1120.080347][ T30] ? __virt_addr_valid+0x183/0x530 [ 1120.080377][ T30] ? __check_object_size+0x49c/0x900 [ 1120.080406][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 1120.080456][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 1120.080500][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.080538][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1120.080570][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 1120.080602][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.080628][ T30] __sock_sendmsg+0x221/0x270 [ 1120.080659][ T30] __sys_sendto+0x3a4/0x4f0 [ 1120.080697][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1120.080761][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.080799][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.080835][ T30] ? exc_page_fault+0x590/0x8c0 [ 1120.080863][ T30] __x64_sys_sendto+0xde/0x100 [ 1120.080898][ T30] do_syscall_64+0xf3/0x230 [ 1120.080927][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.080962][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.080992][ T30] RIP: 0033:0x7f285237fd8c [ 1120.081013][ T30] RSP: 002b:00007ffe6f013ce0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1120.081041][ T30] RAX: ffffffffffffffda RBX: 00007f2853064620 RCX: 00007f285237fd8c [ 1120.081061][ T30] RDX: 0000000000000028 RSI: 00007f2853064670 RDI: 0000000000000003 [ 1120.081079][ T30] RBP: 0000000000000000 R08: 00007ffe6f013d34 R09: 000000000000000c [ 1120.081097][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1120.081114][ T30] R13: 0000000000000000 R14: 00007f2853064670 R15: 0000000000000000 [ 1120.081153][ T30] [ 1120.081164][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1120.081177][ T30] INFO: task syz-executor:2506 blocked for more than 143 seconds. [ 1120.081195][ T30] Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.081211][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1120.081223][ T30] task:syz-executor state:D stack:24992 pid:2506 tgid:2506 ppid:1 flags:0x00000004 [ 1120.081263][ T30] Call Trace: [ 1120.081273][ T30] [ 1120.081290][ T30] __schedule+0x17ae/0x4a10 [ 1120.081354][ T30] ? __pfx___schedule+0x10/0x10 [ 1120.081395][ T30] ? __pfx_lock_release+0x10/0x10 [ 1120.081438][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1120.081480][ T30] ? schedule+0x90/0x320 [ 1120.081515][ T30] schedule+0x14b/0x320 [ 1120.081554][ T30] schedule_preempt_disabled+0x13/0x30 [ 1120.081591][ T30] __mutex_lock+0x6a4/0xd70 [ 1120.081623][ T30] ? __mutex_lock+0x527/0xd70 [ 1120.081653][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.081681][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1120.081730][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.081754][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1120.081781][ T30] ? __lock_acquire+0x137a/0x2040 [ 1120.081818][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.081865][ T30] netlink_rcv_skb+0x1e3/0x430 [ 1120.081894][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1120.081923][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1120.081979][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1120.082011][ T30] netlink_unicast+0x7f6/0x990 [ 1120.082059][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1120.082093][ T30] ? __virt_addr_valid+0x183/0x530 [ 1120.082122][ T30] ? __check_object_size+0x49c/0x900 [ 1120.082151][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 1120.082186][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 1120.082229][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.082268][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1120.082300][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 1120.082331][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1120.082358][ T30] __sock_sendmsg+0x221/0x270 [ 1120.082405][ T30] __sys_sendto+0x3a4/0x4f0 [ 1120.082449][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1120.082512][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.082550][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.082586][ T30] ? exc_page_fault+0x590/0x8c0 [ 1120.082615][ T30] __x64_sys_sendto+0xde/0x100 [ 1120.082651][ T30] do_syscall_64+0xf3/0x230 [ 1120.082680][ T30] ? clear_bhb_loop+0x35/0x90 [ 1120.082715][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.082745][ T30] RIP: 0033:0x7fb51cd7fd8c [ 1120.082767][ T30] RSP: 002b:00007ffcaab90570 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1120.082794][ T30] RAX: ffffffffffffffda RBX: 00007fb51da64620 RCX: 00007fb51cd7fd8c [ 1120.082813][ T30] RDX: 0000000000000028 RSI: 00007fb51da64670 RDI: 0000000000000003 [ 1120.082830][ T30] RBP: 0000000000000000 R08: 00007ffcaab905c4 R09: 000000000000000c [ 1120.082848][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1120.082865][ T30] R13: 0000000000000000 R14: 00007fb51da64670 R15: 0000000000000000 [ 1120.082904][ T30] [ 1120.082915][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1120.082948][ T30] [ 1120.082948][ T30] Showing all locks held in the system: [ 1120.082962][ T30] 3 locks held by kworker/u8:0/11: [ 1120.082978][ T30] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.083053][ T30] #1: ffffc90000107d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.083125][ T30] #2: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1120.083194][ T30] 3 locks held by kworker/1:0/25: [ 1120.083209][ T30] #0: ffff88801a881948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.083282][ T30] #1: ffffc900001f7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.083355][ T30] #2: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 1120.083438][ T30] 1 lock held by khungtaskd/30: [ 1120.083454][ T30] #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1120.083531][ T30] 3 locks held by kworker/u8:2/35: [ 1120.083546][ T30] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.083619][ T30] #1: ffffc90000ab7d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.083692][ T30] #2: ffff888071f68768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 1120.083768][ T30] 3 locks held by kworker/u8:3/53: [ 1120.083783][ T30] #0: ffff88802fed3148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.083856][ T30] #1: ffffc90000bd7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.083930][ T30] #2: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 1120.083995][ T30] 4 locks held by kworker/u9:0/55: [ 1120.084011][ T30] #0: ffff888023e53948 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.084090][ T30] #1: ffffc90000bf7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.084162][ T30] #2: ffff88802473c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.084235][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.084318][ T30] 5 locks held by kworker/0:2/943: [ 1120.084337][ T30] 3 locks held by kworker/u8:6/1105: [ 1120.084353][ T30] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.084433][ T30] #1: ffffc900040e7d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.084506][ T30] #2: ffff888068370768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 1120.084600][ T30] 2 locks held by getty/4983: [ 1120.084615][ T30] #0: ffff8880305720a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1120.084689][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 [ 1120.084757][ T30] 4 locks held by kworker/u9:2/5229: [ 1120.084773][ T30] #0: ffff888032381948 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.084853][ T30] #1: ffffc90003a0fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.084925][ T30] #2: ffff888059550078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.084997][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.085072][ T30] 3 locks held by kworker/1:6/5333: [ 1120.085088][ T30] #0: ffff88801a880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.085161][ T30] #1: ffffc90004277d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.085233][ T30] #2: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 1120.085305][ T30] 1 lock held by syz.4.3402/13150: [ 1120.085322][ T30] 5 locks held by kworker/u8:1/14350: [ 1120.085338][ T30] #0: ffff88801b6e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.085409][ T30] #1: ffffc900047e7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.085511][ T30] #2: ffffffff8fa6d250 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 1120.085579][ T30] #3: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0 [ 1120.085644][ T30] #4: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 1120.085728][ T30] 4 locks held by kworker/u9:1/21981: [ 1120.085744][ T30] #0: ffff88807ceb3948 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.085823][ T30] #1: ffffc9000b4ffd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.085895][ T30] #2: ffff888031bc4078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.085968][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.086041][ T30] 3 locks held by kworker/u8:7/23875: [ 1120.086057][ T30] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.086130][ T30] #1: ffffc9000a237d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.086202][ T30] #2: ffff888071480768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 1120.086275][ T30] 3 locks held by kworker/u8:9/23901: [ 1120.086291][ T30] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.115661][ T30] #1: ffffc90009857d00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.115738][ T30] #2: ffff8880790b8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490 [ 1120.115816][ T30] 8 locks held by kworker/0:4/26681: [ 1120.115834][ T30] 4 locks held by syz-executor/30170: [ 1120.115850][ T30] #0: ffff88805fc48d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 1120.115924][ T30] #1: ffff88805fc48078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0 [ 1120.115998][ T30] #2: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240 [ 1120.116067][ T30] #3: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 1120.116148][ T30] 7 locks held by syz-executor/1178: [ 1120.116163][ T30] #0: ffff88803020a420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x227/0xc90 [ 1120.116243][ T30] #1: ffff88807e505c88 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1eb/0x500 [ 1120.117563][ T30] #2: ffff888028524b48 (kn->active#51){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20f/0x500 [ 1120.117643][ T30] #3: ffffffff8f314108 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: new_device_store+0x1b4/0x890 [ 1120.117716][ T30] #4: ffff888012b070e8 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520 [ 1120.117784][ T30] #5: ffff888012b05250 (&devlink->lock_key#29){+.+.}-{3:3}, at: nsim_drv_probe+0xcb/0xb80 [ 1120.117867][ T30] #6: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 1120.117937][ T30] 1 lock held by syz-executor/1293: [ 1120.117953][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118019][ T30] 1 lock held by syz-executor/1341: [ 1120.118035][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118102][ T30] 2 locks held by syz.0.8971/2493: [ 1120.118118][ T30] #0: ffffc90003076b58 (&kvm->lock){+.+.}-{3:3}, at: kvm_arch_vm_ioctl+0x888/0x17b0 [ 1120.118184][ T30] #1: ffffc900030760a8 (&kvm->slots_lock){+.+.}-{3:3}, at: kvm_pic_init+0x193/0x2f0 [ 1120.118251][ T30] 1 lock held by syz.0.8971/2496: [ 1120.118266][ T30] #0: ffffc90003076b58 (&kvm->lock){+.+.}-{3:3}, at: kvm_arch_vm_ioctl+0xd67/0x17b0 [ 1120.118331][ T30] 1 lock held by syz-executor/2499: [ 1120.118347][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118418][ T30] 1 lock held by syz-executor/2506: [ 1120.118433][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118498][ T30] 1 lock held by syz-executor/2512: [ 1120.118514][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118579][ T30] 1 lock held by dhcpcd/2518: [ 1120.118595][ T30] #0: ffff888062ce6258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 1120.118672][ T30] 1 lock held by syz-executor/2520: [ 1120.118688][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.118754][ T30] 4 locks held by kworker/u9:4/2523: [ 1120.118769][ T30] #0: ffff88802dcea148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.118851][ T30] #1: ffffc9000344fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.118924][ T30] #2: ffff88807b438078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.118998][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.119072][ T30] 1 lock held by dhcpcd/2527: [ 1120.119087][ T30] #0: ffff88802d116258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 1120.119164][ T30] 1 lock held by syz-executor/2528: [ 1120.119179][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.119244][ T30] 4 locks held by kworker/u9:5/2530: [ 1120.119260][ T30] #0: ffff88807a2f9148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.119341][ T30] #1: ffffc900033cfd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.119419][ T30] #2: ffff888057258078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.119492][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.119566][ T30] 1 lock held by dhcpcd/2534: [ 1120.119582][ T30] #0: ffff888061336258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 1120.119659][ T30] 1 lock held by syz-executor/2536: [ 1120.119675][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.119741][ T30] 4 locks held by kworker/u9:6/2540: [ 1120.119757][ T30] #0: ffff888067c35948 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.119836][ T30] #1: ffffc90002e4fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.119909][ T30] #2: ffff88807eeec078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.119982][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.120056][ T30] 1 lock held by syz-executor/2543: [ 1120.120072][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.120137][ T30] 5 locks held by kworker/u9:7/2545: [ 1120.120153][ T30] #0: ffff88805d3a2148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.120226][ T30] #1: ffffc90003d3fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.120300][ T30] #2: ffff888067590d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 1120.120367][ T30] #3: ffff888067590078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 1120.120446][ T30] #4: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 1120.120512][ T30] 1 lock held by syz-executor/2551: [ 1120.120528][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.120594][ T30] 4 locks held by kworker/u9:8/2553: [ 1120.120609][ T30] #0: ffff88805fc10148 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.120690][ T30] #1: ffffc90002dafd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.120763][ T30] #2: ffff888034dd8078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.120836][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.120910][ T30] 5 locks held by kworker/u9:9/2557: [ 1120.120925][ T30] #0: ffff8880317fc948 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.120997][ T30] #1: ffffc900034afd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.121070][ T30] #2: ffff888050690d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 1120.121136][ T30] #3: ffff888050690078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 1120.121208][ T30] #4: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 1120.121274][ T30] 5 locks held by kworker/u9:10/2559: [ 1120.121291][ T30] #0: ffff88807b4b4948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.121363][ T30] #1: ffffc90000b27d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.121443][ T30] #2: ffff88807e86cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 1120.121508][ T30] #3: ffff88807e86c078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 1120.121580][ T30] #4: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 1120.121646][ T30] 4 locks held by kworker/u9:11/2560: [ 1120.121662][ T30] #0: ffff888079502148 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.121741][ T30] #1: ffffc9000352fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.121813][ T30] #2: ffff88806df40078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.121886][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.121959][ T30] 1 lock held by syz-executor/2561: [ 1120.121975][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.122041][ T30] 4 locks held by kworker/u9:12/2564: [ 1120.122056][ T30] #0: ffff888030669148 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.122137][ T30] #1: ffffc90003ef7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.122209][ T30] #2: ffff888058888078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.122281][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.122353][ T30] 1 lock held by syz-executor/2568: [ 1120.122369][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.122458][ T30] 4 locks held by kworker/u9:13/2571: [ 1120.122474][ T30] #0: ffff88807e891148 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.122555][ T30] #1: ffffc90003cb7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.122628][ T30] #2: ffff88806adc8078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.122701][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.122774][ T30] 1 lock held by syz-executor/2575: [ 1120.122790][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.122856][ T30] 4 locks held by kworker/u9:14/2577: [ 1120.122872][ T30] #0: ffff8880250fc148 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.122951][ T30] #1: ffffc90003f27d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.123024][ T30] #2: ffff8880118cc078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 1120.123097][ T30] #3: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 1120.123172][ T30] 1 lock held by syz-executor/2582: [ 1120.123187][ T30] #0: ffffffff8fa79e08 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 1120.123252][ T30] 5 locks held by kworker/u9:15/2583: [ 1120.123268][ T30] #0: ffff888033c12148 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1120.123341][ T30] #1: ffffc90003f5fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 1120.123421][ T30] #2: ffff88802a6f4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 1120.123488][ T30] #3: ffff88802a6f4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 1120.123561][ T30] #4: ffffffff8fbe5928 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 1120.123630][ T30] [ 1120.123639][ T30] ============================================= [ 1120.123639][ T30] [ 1120.123652][ T30] NMI backtrace for cpu 1 [ 1120.123666][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.123693][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1120.123709][ T30] Call Trace: [ 1120.123719][ T30] [ 1120.123733][ T30] dump_stack_lvl+0x241/0x360 [ 1120.123766][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1120.123794][ T30] ? __pfx__printk+0x10/0x10 [ 1120.123816][ T30] ? vprintk_emit+0x667/0x7c0 [ 1120.123845][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 1120.123878][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1120.123919][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1120.123948][ T30] ? _printk+0xd5/0x120 [ 1120.123971][ T30] ? __pfx__printk+0x10/0x10 [ 1120.123996][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1120.124025][ T30] ? __pfx__printk+0x10/0x10 [ 1120.124051][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1120.124081][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1120.124113][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1120.124151][ T30] watchdog+0xff4/0x1040 [ 1120.124186][ T30] ? watchdog+0x1ea/0x1040 [ 1120.124228][ T30] ? __pfx_watchdog+0x10/0x10 [ 1120.124262][ T30] kthread+0x2f0/0x390 [ 1120.124297][ T30] ? __pfx_watchdog+0x10/0x10 [ 1120.124330][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.124367][ T30] ret_from_fork+0x4b/0x80 [ 1120.124399][ T30] ? __pfx_kthread+0x10/0x10 [ 1120.124440][ T30] ret_from_fork_asm+0x1a/0x30 [ 1120.124493][ T30] [ 1120.124503][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1120.124534][ C0] NMI backtrace for cpu 0 [ 1120.124548][ C0] CPU: 0 UID: 0 PID: 26681 Comm: kworker/0:4 Not tainted 6.11.0-rc7-syzkaller-00020-g8d8d276ba2fb #0 [ 1120.124570][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1120.124582][ C0] Workqueue: events request_firmware_work_func [ 1120.124607][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1120.124635][ C0] Code: 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 <65> 48 8b 0c 25 c0 d6 03 00 65 8b 05 70 45 70 7e 25 00 01 ff 00 74 [ 1120.124651][ C0] RSP: 0018:ffffc90000006fd8 EFLAGS: 00000046 [ 1120.124679][ C0] RAX: ffffffff877b8c3e RBX: ffffffff877b8c3e RCX: ffff88802dda3c00 [ 1120.124694][ C0] RDX: 0000000000010100 RSI: ffffffff877b8c3e RDI: 0000000000000000 [ 1120.124706][ C0] RBP: ffffc90000007070 R08: ffffffff81378a22 R09: ffffffff814140bf [ 1120.124721][ C0] R10: 0000000000000003 R11: ffff88802dda3c00 R12: ffff88802dda3c00 [ 1120.124734][ C0] R13: ffffffff817f2f30 R14: ffffc900000070c0 R15: ffffc90000006fe0 [ 1120.124748][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1120.124763][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1120.124776][ C0] CR2: 0000001b31113ff8 CR3: 000000000e534000 CR4: 00000000003526f0 [ 1120.124792][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1120.124803][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1120.124815][ C0] Call Trace: [ 1120.124821][ C0] [ 1120.124829][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1120.124854][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1120.124882][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1120.124905][ C0] ? nmi_handle+0x2a/0x5a0 [ 1120.124934][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1120.124956][ C0] ? nmi_handle+0x14f/0x5a0 [ 1120.124973][ C0] ? nmi_handle+0x2a/0x5a0 [ 1120.124992][ C0] ? __sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1120.125016][ C0] ? unwind_next_frame+0x50b/0x2a00 [ 1120.125043][ C0] ? default_do_nmi+0x63/0x160 [ 1120.125069][ C0] ? exc_nmi+0x123/0x1f0 [ 1120.125092][ C0] ? end_repeat_nmi+0xf/0x53 [ 1120.125117][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1120.125141][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125162][ C0] ? unwind_next_frame+0x196f/0x2a00 [ 1120.125187][ C0] ? arch_stack_walk+0x132/0x1b0 [ 1120.125204][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125224][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125244][ C0] ? __sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1120.125270][ C0] ? __sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1120.125298][ C0] ? __sanitizer_cov_trace_const_cmp8+0x8/0x90 [ 1120.125325][ C0] [ 1120.125331][ C0] [ 1120.125337][ C0] arch_stack_walk+0x132/0x1b0 [ 1120.125359][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125383][ C0] stack_trace_save+0x118/0x1d0 [ 1120.125407][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1120.125435][ C0] ? debug_check_no_obj_freed+0x561/0x580 [ 1120.125454][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 1120.125475][ C0] ? __pfx_lock_release+0x10/0x10 [ 1120.125502][ C0] kasan_save_track+0x3f/0x80 [ 1120.125520][ C0] ? kasan_save_track+0x3f/0x80 [ 1120.125538][ C0] ? kasan_save_free_info+0x40/0x50 [ 1120.125563][ C0] ? poison_slab_object+0xe0/0x150 [ 1120.125582][ C0] ? __kasan_slab_free+0x37/0x60 [ 1120.125601][ C0] ? kfree+0x149/0x360 [ 1120.125657][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125681][ C0] kasan_save_free_info+0x40/0x50 [ 1120.125707][ C0] poison_slab_object+0xe0/0x150 [ 1120.125728][ C0] __kasan_slab_free+0x37/0x60 [ 1120.125747][ C0] ? dummy_timer+0x7ce/0x45a0 [ 1120.125766][ C0] kfree+0x149/0x360 [ 1120.125791][ C0] dummy_timer+0x7ce/0x45a0 [ 1120.125818][ C0] ? __pfx_lock_release+0x10/0x10 [ 1120.125855][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1120.125884][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 1120.125903][ C0] ? __pfx_lock_release+0x10/0x10 [ 1120.125932][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1120.125960][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1120.125985][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1120.126006][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 1120.126025][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 1120.126062][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1120.126089][ C0] hrtimer_interrupt+0x396/0x990 [ 1120.126125][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1120.126156][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 1120.126185][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1120.126207][ C0] RIP: 0010:pie_calculate_probability+0x3aa/0x820 [ 1120.126234][ C0] Code: 5c d2 dd f7 49 01 dc 49 81 ff cb 9a 3b 00 4c 0f 42 e3 4b 8d 1c 2c 49 be 00 00 00 00 00 fc ff df 48 8b 44 24 28 42 80 3c 30 00 <48> 8b 6c 24 30 74 08 48 89 ef e8 77 f1 41 f8 48 89 5d 00 31 ff 4c [ 1120.126249][ C0] RSP: 0018:ffffc90000007aa0 EFLAGS: 00000246 [ 1120.126264][ C0] RAX: 1ffff1100da703d8 RBX: fffffff0a3da8872 RCX: ffff88802dda3c00