last executing test programs: 1m28.471078419s ago: executing program 2 (id=3): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) statx(0xffffffffffffff9c, &(0x7f0000001980)='./file0\x00', 0x1000, 0x7ff, 0x0) 1m28.295721395s ago: executing program 2 (id=6): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000040)={&(0x7f0000000100)=[{0x63, 0x6011, 0x0, 0x0}], 0x1}) 1m26.650817631s ago: executing program 2 (id=13): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bond_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1, r1}) 1m26.255540364s ago: executing program 2 (id=15): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x9}, 0xc) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0x9, 0x4) 1m24.546449029s ago: executing program 0 (id=24): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xc70, 0xf00b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f00000001c0)={0x40, 0x6, 0x13, {0x13, 0xf, "00030000007a5da01de3bf38b57a31e8f4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1m22.12103738s ago: executing program 0 (id=33): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0) 1m21.399522885s ago: executing program 0 (id=37): mprotect(&(0x7f00003fd000/0xc00000)=nil, 0xc00000, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) 1m19.667432333s ago: executing program 0 (id=41): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="77ba00000000000000001f000000080001"], 0x48}}, 0x0) 1m17.241470589s ago: executing program 0 (id=51): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0)=0x12, &(0x7f0000000700)=r0}, 0x20) 1m16.723205194s ago: executing program 0 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}}, 0x0) 1m10.930509314s ago: executing program 32 (id=15): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x2, 0x1, 0x0, 0x0, 0x9}, 0xc) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0x9, 0x4) 1m1.472293253s ago: executing program 33 (id=53): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}]}], {0x14}}, 0x64}}, 0x0) 42.247564283s ago: executing program 3 (id=135): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8) close(r0) 41.899744995s ago: executing program 3 (id=138): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xffc, &(0x7f00000014c0)=""/4092, 0x41000}, 0x94) 41.62763391s ago: executing program 1 (id=139): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200) 41.578151411s ago: executing program 3 (id=140): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) msgsnd(0x0, 0x0, 0x0, 0x86b44d61cc44911a) setresuid(0x0, 0xee01, 0x0) 41.262154136s ago: executing program 3 (id=141): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000026000000080007000000000018000180140002007465616d5f736c6176655f30"], 0x34}}, 0x4004080) 41.135653587s ago: executing program 1 (id=142): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_mr_vif\x00') read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) pread64(r0, &(0x7f0000002080)=""/23, 0x17, 0x9) 40.910158645s ago: executing program 3 (id=143): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="ad56b699f75b62641d884d2e43ca00f58cd2488900630c7e", 0x18) 40.792294092s ago: executing program 1 (id=144): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB="b80000001300e9990000000000000000e0000001000000000000000000000000ac1e00010000000000000000000000000000fff90001000002000020"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000e0000001000000000000000000000000ac1e0001000000000000000000000000000000000000000002000010"], 0xb8}}, 0x0) 40.612943424s ago: executing program 3 (id=145): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x4801}) 40.482743758s ago: executing program 1 (id=146): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000940)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x5a1}, 0x9c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000003c0)=0x9c) 40.255659341s ago: executing program 1 (id=147): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x16, 0x0, 0x8400, 0x1}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={r0}, 0x4) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) 40.009370454s ago: executing program 1 (id=148): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x2, 0x8, 0x106, &(0x7f0000000040)="a9"}, {0x2, 0x8, 0x2, &(0x7f00000003c0)="a1df4b530fbbb20721b3a5ed8cdb557f61f8e6b2496e14a0e739763fee53d25e3a4305647da04a7d"}, {0x2, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x912b, 0x0}, {0x3, 0xfffffde2, 0x3cb3, 0x0}, {0x3, 0x0, 0x3fe, 0x0}, {0x4, 0x0, 0xa, 0x0}, {0x3, 0x0, 0xfffffffe, 0x0}, {0x1, 0x0, 0xb, 0x0}, {0x1, 0x0, 0x5, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x7ffffffd, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x1, 0x0, 0x8001, 0x0}]}) 25.242816633s ago: executing program 34 (id=145): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x4801}) 24.096860112s ago: executing program 35 (id=148): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_X86_SET_MSR_FILTER(r1, 0x4188aec6, &(0x7f0000000a40)={0x1, [{0x2, 0x8, 0x106, &(0x7f0000000040)="a9"}, {0x2, 0x8, 0x2, &(0x7f00000003c0)="a1df4b530fbbb20721b3a5ed8cdb557f61f8e6b2496e14a0e739763fee53d25e3a4305647da04a7d"}, {0x2, 0x0, 0x7ff, 0x0}, {0x1, 0x0, 0x912b, 0x0}, {0x3, 0xfffffde2, 0x3cb3, 0x0}, {0x3, 0x0, 0x3fe, 0x0}, {0x4, 0x0, 0xa, 0x0}, {0x3, 0x0, 0xfffffffe, 0x0}, {0x1, 0x0, 0xb, 0x0}, {0x1, 0x0, 0x5, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x0, 0x0}, {0x1, 0x0, 0x7ffffffd, 0x0}, {0x1, 0x0, 0x2, 0x0}, {0x1, 0x0, 0x8001, 0x0}]}) 17.891641108s ago: executing program 4 (id=156): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$VT_DISALLOCATE(r0, 0x8925) 16.85691299s ago: executing program 4 (id=157): userfaultfd(0x80801) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') read$eventfd(r0, &(0x7f0000000080), 0x8) 16.667515483s ago: executing program 4 (id=158): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20802, 0x0) ppoll(&(0x7f0000000180)=[{r0, 0x2000}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0x9, 0x80000001, 0x5, 0x4, 0x9, "a5a214b0cd5bd3e1110df2c80d0bb38f8f3ef4", 0xa2fa, 0x7}) 15.652300628s ago: executing program 4 (id=159): r0 = openat$smackfs_netlabel(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r0, &(0x7f0000001100)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1, 0x4, 0x400) preadv(r0, &(0x7f00000017c0)=[{&(0x7f0000001140)=""/241, 0xf1}], 0x1, 0xe, 0x5) 15.487529469s ago: executing program 4 (id=160): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r0, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000000)={0x4f, 0xabe, 0x8, 0xa}) 15.321588697s ago: executing program 4 (id=161): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x80, 0x80, 0x6, 0x20000008, {{0x5, 0x4, 0x0, 0x20, 0x14, 0x66, 0x0, 0x80, 0x4, 0x0, @remote, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000040)={'ip_vti0\x00', 0x0, 0x0, 0x700, 0x4000000, 0x2, {{0x5, 0x4, 0x0, 0x16, 0x14, 0xfffd, 0x0, 0x19, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x3a}, @multicast2}}}}) 0s ago: executing program 36 (id=161): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x80, 0x80, 0x6, 0x20000008, {{0x5, 0x4, 0x0, 0x20, 0x14, 0x66, 0x0, 0x80, 0x4, 0x0, @remote, @multicast1}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'syztnl0\x00', &(0x7f0000000040)={'ip_vti0\x00', 0x0, 0x0, 0x700, 0x4000000, 0x2, {{0x5, 0x4, 0x0, 0x16, 0x14, 0xfffd, 0x0, 0x19, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x3a}, @multicast2}}}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts. [ 80.930947][ T5822] cgroup: Unknown subsys name 'net' [ 81.178048][ T5822] cgroup: Unknown subsys name 'cpuset' [ 81.213563][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.004484][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.899178][ T31] cfg80211: failed to load regulatory.db [ 87.173105][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.190590][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.201167][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.212476][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.215972][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.231378][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.242313][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.253659][ T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.324460][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.326190][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.372340][ T5153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.382877][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.391117][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.394378][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.396420][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.426534][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.428365][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.429406][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.430732][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.431469][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.471765][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.482545][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.484471][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.485772][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.489254][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.231334][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 88.505533][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 88.559179][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 88.566700][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 88.577550][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 89.205122][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.206128][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.206725][ T5838] bridge_slave_0: entered allmulticast mode [ 89.209230][ T5838] bridge_slave_0: entered promiscuous mode [ 89.264201][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.264350][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.264540][ T5838] bridge_slave_1: entered allmulticast mode [ 89.267001][ T5838] bridge_slave_1: entered promiscuous mode [ 89.294392][ T59] Bluetooth: hci0: command tx timeout [ 89.463879][ T5839] Bluetooth: hci2: command tx timeout [ 89.464006][ T5839] Bluetooth: hci1: command tx timeout [ 89.464193][ T59] Bluetooth: hci4: command tx timeout [ 89.533016][ T59] Bluetooth: hci3: command tx timeout [ 89.856515][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.856642][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.856756][ T5846] bridge_slave_0: entered allmulticast mode [ 89.858264][ T5846] bridge_slave_0: entered promiscuous mode [ 89.867587][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.084882][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.085083][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.085260][ T5846] bridge_slave_1: entered allmulticast mode [ 90.087969][ T5846] bridge_slave_1: entered promiscuous mode [ 90.093515][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.094206][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.094337][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.094501][ T5851] bridge_slave_0: entered allmulticast mode [ 90.097035][ T5851] bridge_slave_0: entered promiscuous mode [ 90.100285][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.100413][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.100567][ T5841] bridge_slave_0: entered allmulticast mode [ 90.107818][ T5841] bridge_slave_0: entered promiscuous mode [ 90.183074][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.183222][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.183935][ T5845] bridge_slave_0: entered allmulticast mode [ 90.186370][ T5845] bridge_slave_0: entered promiscuous mode [ 90.326462][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.326601][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.326801][ T5851] bridge_slave_1: entered allmulticast mode [ 90.329233][ T5851] bridge_slave_1: entered promiscuous mode [ 90.330357][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.330461][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.330569][ T5841] bridge_slave_1: entered allmulticast mode [ 90.332024][ T5841] bridge_slave_1: entered promiscuous mode [ 90.347731][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.347862][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.348369][ T5845] bridge_slave_1: entered allmulticast mode [ 90.351083][ T5845] bridge_slave_1: entered promiscuous mode [ 90.798335][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.801456][ T5838] team0: Port device team_slave_0 added [ 90.999831][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.001753][ T5838] team0: Port device team_slave_1 added [ 91.006153][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.009600][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.029640][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.173949][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.176123][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.178216][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.372948][ T59] Bluetooth: hci0: command tx timeout [ 91.506549][ T5846] team0: Port device team_slave_0 added [ 91.508905][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.508916][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.508929][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.532984][ T5842] Bluetooth: hci1: command tx timeout [ 91.533014][ T5842] Bluetooth: hci2: command tx timeout [ 91.533143][ T59] Bluetooth: hci4: command tx timeout [ 91.614132][ T59] Bluetooth: hci3: command tx timeout [ 91.988193][ T5846] team0: Port device team_slave_1 added [ 91.989055][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.989068][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.989084][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.990766][ T5851] team0: Port device team_slave_0 added [ 91.994572][ T5841] team0: Port device team_slave_0 added [ 92.005162][ T5845] team0: Port device team_slave_0 added [ 92.112209][ T5851] team0: Port device team_slave_1 added [ 92.123187][ T5841] team0: Port device team_slave_1 added [ 92.126019][ T5845] team0: Port device team_slave_1 added [ 92.416986][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.416997][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.417010][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.626150][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.626165][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.626188][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.715184][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.715199][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.715222][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.717724][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.717736][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.717757][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.837305][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.837319][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.837333][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.965843][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.965860][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.965882][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.968376][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.968388][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.968401][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.969955][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.969966][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.969985][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.982289][ T5838] hsr_slave_0: entered promiscuous mode [ 92.984513][ T5838] hsr_slave_1: entered promiscuous mode [ 93.453992][ T59] Bluetooth: hci0: command tx timeout [ 93.482580][ T5846] hsr_slave_0: entered promiscuous mode [ 93.484454][ T5846] hsr_slave_1: entered promiscuous mode [ 93.485389][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 93.485512][ T5846] Cannot create hsr debugfs directory [ 93.614185][ T5839] Bluetooth: hci2: command tx timeout [ 93.614216][ T5839] Bluetooth: hci1: command tx timeout [ 93.614429][ T59] Bluetooth: hci4: command tx timeout [ 93.693194][ T59] Bluetooth: hci3: command tx timeout [ 93.791406][ T5851] hsr_slave_0: entered promiscuous mode [ 93.792189][ T5851] hsr_slave_1: entered promiscuous mode [ 93.794260][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 93.794284][ T5851] Cannot create hsr debugfs directory [ 93.803953][ T5841] hsr_slave_0: entered promiscuous mode [ 93.805369][ T5841] hsr_slave_1: entered promiscuous mode [ 93.806309][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 93.806331][ T5841] Cannot create hsr debugfs directory [ 93.873732][ T5845] hsr_slave_0: entered promiscuous mode [ 93.874525][ T5845] hsr_slave_1: entered promiscuous mode [ 93.875069][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 93.875091][ T5845] Cannot create hsr debugfs directory [ 95.372601][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.419969][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.457876][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.510790][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.532925][ T59] Bluetooth: hci0: command tx timeout [ 95.648547][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.678939][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.692935][ T5842] Bluetooth: hci1: command tx timeout [ 95.692970][ T5842] Bluetooth: hci2: command tx timeout [ 95.693019][ T59] Bluetooth: hci4: command tx timeout [ 95.734300][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.773186][ T59] Bluetooth: hci3: command tx timeout [ 95.793057][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.969239][ T5851] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.991103][ T5851] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 96.031708][ T5851] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 96.094414][ T5851] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 96.261529][ T5845] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.306718][ T5845] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.368819][ T5845] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.402347][ T5845] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.467831][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.547431][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.602921][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.642850][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.672029][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.715587][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.768591][ T982] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.768788][ T982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.827298][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.830522][ T1281] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.832305][ T1281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.981299][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.036915][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.040020][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.040217][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.086335][ T1281] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.086564][ T1281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.163820][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.220730][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.239998][ T982] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.241184][ T982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.317669][ T982] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.318080][ T982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.435805][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.455687][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.507595][ T1281] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.507820][ T1281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.561269][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.563437][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.616573][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.678297][ T1281] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.678507][ T1281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.685807][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.759010][ T1281] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.761162][ T1281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.026179][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.172127][ T5838] veth0_vlan: entered promiscuous mode [ 98.268892][ T5838] veth1_vlan: entered promiscuous mode [ 98.368384][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.415402][ T5846] veth0_vlan: entered promiscuous mode [ 98.484884][ T5846] veth1_vlan: entered promiscuous mode [ 98.489402][ T5838] veth0_macvtap: entered promiscuous mode [ 98.515534][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.580111][ T5838] veth1_macvtap: entered promiscuous mode [ 98.707029][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.775175][ T5846] veth0_macvtap: entered promiscuous mode [ 98.779159][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.887211][ T5846] veth1_macvtap: entered promiscuous mode [ 98.924476][ T1128] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.948529][ T1128] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.971563][ T1128] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.008780][ T1128] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.031662][ T5845] veth0_vlan: entered promiscuous mode [ 99.107127][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.138916][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.171670][ T5845] veth1_vlan: entered promiscuous mode [ 99.228416][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.305900][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.325827][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.346274][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.361615][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.480541][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.480566][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.623894][ T5851] veth0_vlan: entered promiscuous mode [ 99.722216][ T982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.722241][ T982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.741711][ T5845] veth0_macvtap: entered promiscuous mode [ 99.828162][ T5841] veth0_vlan: entered promiscuous mode [ 99.829899][ T5851] veth1_vlan: entered promiscuous mode [ 99.834080][ T5845] veth1_macvtap: entered promiscuous mode [ 99.849398][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.849418][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.939727][ T5841] veth1_vlan: entered promiscuous mode [ 99.985949][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.985968][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.018772][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.077253][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.135606][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.160209][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.180432][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.185007][ T5851] veth0_macvtap: entered promiscuous mode [ 100.187957][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.286004][ T5851] veth1_macvtap: entered promiscuous mode [ 100.319903][ T5841] veth0_macvtap: entered promiscuous mode [ 100.449219][ T5841] veth1_macvtap: entered promiscuous mode [ 100.571831][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.686628][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.694426][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.773932][ T1128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.773951][ T1128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.796504][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.802272][ T1281] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.809773][ T1281] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.821219][ T1281] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.825308][ T1281] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.847689][ T1281] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.872387][ T1281] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.903432][ T1563] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 100.930094][ T1281] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.989143][ T1281] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.014289][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.014309][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.064417][ T1563] usb 3-1: Using ep0 maxpacket: 8 [ 101.072369][ T1563] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 101.089303][ T1563] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 101.089328][ T1563] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.089345][ T1563] usb 3-1: Product: syz [ 101.089357][ T1563] usb 3-1: Manufacturer: syz [ 101.089369][ T1563] usb 3-1: SerialNumber: syz [ 101.161489][ T1563] usb 3-1: config 0 descriptor?? [ 101.179962][ T1563] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 101.180039][ T1563] usb 3-1: setting power ON [ 101.180479][ T1563] dvb-usb: bulk message failed: -22 (2/0) [ 101.218414][ T1563] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 101.243446][ T1563] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 101.243530][ T1563] usb 3-1: media controller created [ 101.299785][ T1563] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 101.382269][ T1563] usb 3-1: selecting invalid altsetting 6 [ 101.382290][ T1563] usb 3-1: digital interface selection failed (-22) [ 101.382304][ T1563] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 101.397130][ T5956] dvb-usb: bulk message failed: -22 (4/0) [ 101.397151][ T5956] cxusb: i2c read failed [ 101.415053][ T1563] usb 3-1: setting power OFF [ 101.415242][ T1563] dvb-usb: bulk message failed: -22 (2/0) [ 101.415258][ T1563] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 101.415268][ T1563] (NULL device *): no alternate interface [ 101.575575][ T1563] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 101.623438][ T1563] usb 3-1: USB disconnect, device number 2 [ 101.758473][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.758489][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.932575][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.932593][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.044228][ T983] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 102.080663][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.080681][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.177536][ T1281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.177555][ T1281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.206206][ T983] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 102.206231][ T983] usb 4-1: config 0 has no interface number 0 [ 102.206278][ T983] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 102.206298][ T983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.219367][ T983] usb 4-1: config 0 descriptor?? [ 102.236938][ T5976] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.286373][ T983] usb 4-1: selecting invalid altsetting 1 [ 102.293192][ T983] dvb_ttusb_budget: ttusb_init_controller: error [ 102.293209][ T983] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 102.569614][ T5981] tipc: Invalid UDP bearer configuration [ 102.569664][ T5981] tipc: Enabling of bearer rejected, failed to enable media [ 102.686451][ T983] DVB: Unable to find symbol cx22700_attach() [ 102.838683][ T5983] pim6reg: entered allmulticast mode [ 102.861791][ T983] DVB: Unable to find symbol tda10046_attach() [ 102.861806][ T983] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 102.874869][ T5985] pim6reg: left allmulticast mode [ 102.915570][ T983] usb 4-1: USB disconnect, device number 2 [ 103.050390][ T5989] syz.1.2 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 103.927011][ T6001] mmap: syz.0.22 (6001) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 104.824453][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.960314][ T6013] process 'syz.4.26' launched '/dev/fd/3' with NULL argv: empty string added [ 105.047159][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.047206][ T9] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 105.047226][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.140757][ T9] usb 1-1: config 0 descriptor?? [ 105.781344][ T9] aquacomputer_d5next 0003:0C70:F00B.0001: unknown main item tag 0x1 [ 105.781390][ T9] aquacomputer_d5next 0003:0C70:F00B.0001: unknown main item tag 0x0 [ 105.781414][ T9] aquacomputer_d5next 0003:0C70:F00B.0001: unknown main item tag 0x0 [ 105.890275][ T9] aquacomputer_d5next 0003:0C70:F00B.0001: hidraw0: USB HID v0.04 Device [HID 0c70:f00b] on usb-dummy_hcd.0-1/input0 [ 106.190974][ T6018] syz.4.29 (6018) used greatest stack depth: 18456 bytes left [ 106.271174][ T9] usb 1-1: USB disconnect, device number 2 [ 107.609063][ T6022] fido_id[6022]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 109.360980][ T6057] netlink: 44 bytes leftover after parsing attributes in process `syz.0.41'. [ 109.391993][ T6058] nbd: must specify a size in bytes for the device [ 110.523339][ T6066] capability: warning: `syz.3.46' uses 32-bit capabilities (legacy support in use) [ 111.092920][ T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 111.248878][ T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 111.248902][ T9] usb 4-1: config 0 has no interface number 0 [ 111.248947][ T9] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 111.248967][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.372046][ T9] usb 4-1: config 0 descriptor?? [ 111.421316][ T9] usb 4-1: selecting invalid altsetting 1 [ 111.421496][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 111.421510][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 111.974345][ T9] DVB: Unable to find symbol cx22700_attach() [ 112.453688][ T6083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.53'. [ 112.506110][ T9] DVB: Unable to find symbol tda10046_attach() [ 112.506124][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 112.553544][ T9] usb 4-1: USB disconnect, device number 3 [ 112.852824][ T5901] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 113.006590][ T5901] usb 5-1: Using ep0 maxpacket: 16 [ 113.029840][ T5901] usb 5-1: config 0 interface 0 has no altsetting 0 [ 113.029882][ T5901] usb 5-1: New USB device found, idVendor=05ac, idProduct=0250, bcdDevice= 0.00 [ 113.029902][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.145210][ T5901] usb 5-1: config 0 descriptor?? [ 113.658304][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658339][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658363][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658388][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658412][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658435][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658458][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658481][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658505][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.658528][ T5901] apple 0003:05AC:0250.0002: unknown main item tag 0x0 [ 113.912126][ T5901] apple 0003:05AC:0250.0002: hidraw0: USB HID v0.4b Device [HID 05ac:0250] on usb-dummy_hcd.4-1/input0 [ 114.014016][ T5901] usb 5-1: USB disconnect, device number 2 [ 114.511706][ T6096] fido_id[6096]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 114.824969][ T6101] netlink: 'syz.4.60': attribute type 25 has an invalid length. [ 115.473744][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 115.633425][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 115.639274][ T9] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 115.639300][ T9] usb 2-1: config 0 has no interface number 0 [ 115.639346][ T9] usb 2-1: config 0 interface 12 has no altsetting 0 [ 115.745520][ T9] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 115.745548][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.745566][ T9] usb 2-1: Product: syz [ 115.745578][ T9] usb 2-1: Manufacturer: syz [ 115.745590][ T9] usb 2-1: SerialNumber: syz [ 115.846689][ T9] usb 2-1: config 0 descriptor?? [ 116.010649][ T30] sched: DL replenish lagged too much [ 116.584691][ T9] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: b0 failed: -71 [ 116.584747][ T9] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 116.584762][ T9] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 116.584878][ T9] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 116.709968][ T9] usb 2-1: USB disconnect, device number 2 [ 117.843925][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 118.045150][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.045181][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 118.045270][ T9] usb 2-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 118.045291][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.076935][ T9] usb 2-1: config 0 descriptor?? [ 118.639618][ T9] hid-retrode 0003:0403:97C1.0003: hidraw0: USB HID v0.00 Device [HID 0403:97c1] on usb-dummy_hcd.1-1/input0 [ 118.821433][ T9] usb 2-1: USB disconnect, device number 3 [ 119.368771][ T6131] fido_id[6131]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 119.812813][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 119.962807][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 119.970106][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 119.989702][ T10] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 119.989728][ T10] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 119.989745][ T10] usb 4-1: Product: syz [ 119.989757][ T10] usb 4-1: Manufacturer: syz [ 119.989769][ T10] usb 4-1: SerialNumber: syz [ 120.049227][ T10] usb 4-1: config 0 descriptor?? [ 120.050415][ T6136] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 120.080755][ T10] hub 4-1:0.0: bad descriptor, ignoring hub [ 120.080794][ T10] hub 4-1:0.0: probe with driver hub failed with error -5 [ 120.207932][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 120.224065][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 120.225059][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 120.232993][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 120.234347][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 122.586530][ T6143] chnl_net:caif_netlink_parms(): no params data found [ 124.172826][ T5839] Bluetooth: hci5: command tx timeout [ 126.262850][ T5839] Bluetooth: hci5: command tx timeout [ 126.503025][ T6159] netlink: 256 bytes leftover after parsing attributes in process `syz.3.81'. [ 126.503048][ T6159] netlink: 48 bytes leftover after parsing attributes in process `syz.3.81'. [ 127.582872][ T37] audit: type=1326 audit(1756613502.378:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.582931][ T37] audit: type=1326 audit(1756613502.388:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.586623][ T37] audit: type=1326 audit(1756613502.398:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.586672][ T37] audit: type=1326 audit(1756613502.398:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.586711][ T37] audit: type=1326 audit(1756613502.398:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.674480][ T37] audit: type=1326 audit(1756613502.488:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.674530][ T37] audit: type=1326 audit(1756613502.488:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.674571][ T37] audit: type=1326 audit(1756613502.488:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6167 comm="syz.3.86" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29ba2cebe9 code=0x7ffc0000 [ 127.945091][ T6170] program syz.1.87 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 128.332873][ T5839] Bluetooth: hci5: command tx timeout [ 129.485352][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 129.505249][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 129.506302][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 129.507839][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 129.539393][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 130.422934][ T59] Bluetooth: hci5: command tx timeout [ 131.625887][ T59] Bluetooth: hci6: command tx timeout [ 132.506349][ T6205] Bluetooth: MGMT ver 1.23 [ 133.693079][ T59] Bluetooth: hci6: command tx timeout [ 133.726752][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.726854][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.773310][ T59] Bluetooth: hci6: command tx timeout [ 137.853111][ T59] Bluetooth: hci6: command tx timeout [ 141.135568][ T6237] use of bytesused == 0 is deprecated and will be removed in the future, [ 141.135584][ T6237] use the actual size instead. [ 142.601376][ T6261] netlink: 44 bytes leftover after parsing attributes in process `syz.4.123'. [ 142.601403][ T6261] netlink: 'syz.4.123': attribute type 6 has an invalid length. [ 142.601415][ T6261] netlink: 'syz.4.123': attribute type 5 has an invalid length. [ 142.601426][ T6261] netlink: 'syz.4.123': attribute type 4 has an invalid length. [ 144.460308][ T6247] bridge: RTM_NEWNEIGH with unconfigured vlan 3 on bridge0 [ 146.520774][ T6281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.133'. [ 148.934306][ T6313] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 150.878371][ T31] usb 4-1: USB disconnect, device number 4 [ 164.504928][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 164.531571][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 164.545752][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 164.566759][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 164.567794][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 165.572107][ T59] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 165.587607][ T59] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 165.589714][ T59] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 165.591239][ T59] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 165.592388][ T59] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 166.652881][ T5839] Bluetooth: hci0: command tx timeout [ 167.692857][ T5839] Bluetooth: hci7: command tx timeout [ 168.733177][ T5839] Bluetooth: hci0: command tx timeout [ 169.772875][ T5839] Bluetooth: hci7: command tx timeout [ 170.812885][ T5839] Bluetooth: hci0: command tx timeout [ 171.853481][ T5839] Bluetooth: hci7: command tx timeout [ 171.860619][ T6336] Falling back ldisc for ttyprintk. [ 172.892910][ T5839] Bluetooth: hci0: command tx timeout [ 173.936134][ T5839] Bluetooth: hci7: command tx timeout [ 179.683761][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 179.691825][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 179.715073][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 179.716450][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 179.717253][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 182.013102][ T5839] Bluetooth: hci8: command tx timeout [ 184.092887][ T5839] Bluetooth: hci8: command tx timeout [ 186.172989][ T5839] Bluetooth: hci8: command tx timeout [ 188.257466][ T5839] Bluetooth: hci8: command tx timeout [ 188.596702][ T59] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 188.615110][ T59] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 188.617154][ T59] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 188.618976][ T59] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 188.620166][ T59] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 189.020826][ T6143] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.020968][ T6143] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.021213][ T6143] bridge_slave_0: entered allmulticast mode [ 189.067964][ T6143] bridge_slave_0: entered promiscuous mode [ 189.707884][ T5839] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 189.725374][ T5839] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 189.726418][ T5839] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 189.730146][ T5839] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 189.731070][ T5839] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 190.652887][ T5839] Bluetooth: hci9: command tx timeout [ 191.773008][ T5839] Bluetooth: hci10: command tx timeout [ 192.732991][ T5839] Bluetooth: hci9: command tx timeout [ 193.862907][ T5839] Bluetooth: hci10: command tx timeout [ 194.427921][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.427996][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.812892][ T5839] Bluetooth: hci9: command tx timeout [ 195.932998][ T5839] Bluetooth: hci10: command tx timeout [ 196.892879][ T5839] Bluetooth: hci9: command tx timeout [ 198.013020][ T5839] Bluetooth: hci10: command tx timeout [ 211.853060][ T6374] Bluetooth: hci3: command 0x0406 tx timeout [ 211.853297][ T6374] Bluetooth: hci4: command 0x0406 tx timeout [ 211.853426][ T6374] Bluetooth: hci1: command 0x0406 tx timeout [ 211.853524][ T6374] Bluetooth: hci2: command 0x0406 tx timeout [ 225.111761][ T6378] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 225.127657][ T6378] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 225.128707][ T6378] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 225.130009][ T6378] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 225.183031][ T6378] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 226.119142][ T6384] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 226.138297][ T6384] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 226.140394][ T6384] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 226.142300][ T6384] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 226.171223][ T6384] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 236.253970][ T59] Bluetooth: hci5: command tx timeout [ 236.255878][ T5849] Bluetooth: hci11: command tx timeout [ 238.341998][ T59] Bluetooth: hci5: command tx timeout [ 238.353387][ T5849] Bluetooth: hci11: command tx timeout [ 240.168487][ T59] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 240.201571][ T59] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 240.210643][ T59] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 240.212218][ T59] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 240.228966][ T59] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 240.413133][ T6378] Bluetooth: hci5: command tx timeout [ 240.414617][ T5849] Bluetooth: hci11: command tx timeout [ 242.492885][ T5849] Bluetooth: hci5: command tx timeout [ 242.492936][ T59] Bluetooth: hci11: command tx timeout [ 243.692932][ T59] Bluetooth: hci12: command tx timeout [ 245.772847][ T59] Bluetooth: hci12: command tx timeout [ 247.852952][ T59] Bluetooth: hci12: command tx timeout [ 249.932960][ T59] Bluetooth: hci12: command tx timeout [ 250.214027][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 250.237453][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 250.238505][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 250.240066][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 250.252664][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 250.398406][ T59] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 250.415042][ T59] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 250.416144][ T59] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 250.417695][ T59] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 250.419371][ T59] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 252.332994][ T59] Bluetooth: hci4: command tx timeout [ 252.502105][ T59] Bluetooth: hci13: command tx timeout [ 252.823152][ T59] Bluetooth: hci6: command 0x0406 tx timeout [ 254.412820][ T59] Bluetooth: hci4: command tx timeout [ 254.573361][ T59] Bluetooth: hci13: command tx timeout [ 255.870777][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.870847][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.492806][ T59] Bluetooth: hci4: command tx timeout [ 256.652961][ T59] Bluetooth: hci13: command tx timeout [ 258.574459][ T59] Bluetooth: hci4: command tx timeout [ 258.742708][ T59] Bluetooth: hci13: command tx timeout [ 264.812915][ T38] INFO: task kworker/u8:7:1128 blocked for more than 143 seconds. [ 264.812954][ T38] Not tainted syzkaller #0 [ 264.812965][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 264.812977][ T38] task:kworker/u8:7 state:D stack:20408 pid:1128 tgid:1128 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 264.813150][ T38] Workqueue: events_unbound bpf_map_free_deferred [ 264.813191][ T38] Call Trace: [ 264.813197][ T38] [ 264.813210][ T38] __schedule+0x16f3/0x4c20 [ 264.813267][ T38] ? __pfx___schedule+0x10/0x10 [ 264.813312][ T38] rt_mutex_schedule+0x77/0xf0 [ 264.813330][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 264.813363][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 264.813385][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 264.813407][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 264.813426][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 264.813442][ T38] ? __lock_acquire+0xab9/0xd20 [ 264.813474][ T38] ? rcu_barrier+0x4c/0x570 [ 264.813494][ T38] ? __lock_acquire+0xab9/0xd20 [ 264.813530][ T38] ? rcu_barrier+0x4c/0x570 [ 264.813545][ T38] mutex_lock_nested+0x16a/0x1d0 [ 264.813562][ T38] ? synchronize_rcu+0x11a/0x310 [ 264.813583][ T38] rcu_barrier+0x4c/0x570 [ 264.813611][ T38] dev_map_free+0x11f/0x6a0 [ 264.813644][ T38] bpf_map_free_deferred+0x110/0x140 [ 264.813661][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 264.813684][ T38] process_scheduled_works+0xade/0x17b0 [ 264.813735][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 264.813773][ T38] worker_thread+0x8a0/0xda0 [ 264.813796][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 264.813827][ T38] ? __kthread_parkme+0x7b/0x200 [ 264.813858][ T38] kthread+0x711/0x8a0 [ 264.813885][ T38] ? __pfx_worker_thread+0x10/0x10 [ 264.813905][ T38] ? __pfx_kthread+0x10/0x10 [ 264.813937][ T38] ? __pfx_kthread+0x10/0x10 [ 264.813962][ T38] ret_from_fork+0x3f9/0x770 [ 264.813984][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 264.814012][ T38] ? __switch_to_asm+0x39/0x70 [ 264.814028][ T38] ? __switch_to_asm+0x33/0x70 [ 264.814043][ T38] ? __pfx_kthread+0x10/0x10 [ 264.814067][ T38] ret_from_fork_asm+0x1a/0x30 [ 264.814101][ T38] [ 264.814193][ T38] INFO: task syz.2.15:5985 blocked for more than 143 seconds. [ 264.814206][ T38] Not tainted syzkaller #0 [ 264.814215][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 264.814235][ T38] task:syz.2.15 state:D stack:25064 pid:5985 tgid:5982 ppid:5846 task_flags:0x400140 flags:0x00004006 [ 264.814284][ T38] Call Trace: [ 264.814290][ T38] [ 264.814301][ T38] __schedule+0x16f3/0x4c20 [ 264.814332][ T38] ? validate_chain+0x897/0x2140 [ 264.814365][ T38] ? __lock_acquire+0xab9/0xd20 [ 264.814386][ T38] ? __pfx___schedule+0x10/0x10 [ 264.814423][ T38] ? schedule+0x91/0x360 [ 264.814447][ T38] schedule+0x165/0x360 [ 264.814468][ T38] schedule_timeout+0x9a/0x270 [ 264.814488][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 264.814520][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 264.814540][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.814559][ T38] ? wait_for_completion+0x267/0x5d0 [ 264.814582][ T38] wait_for_completion+0x2bf/0x5d0 [ 264.814622][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 264.814650][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 264.814675][ T38] rcu_barrier+0x463/0x570 [ 264.814703][ T38] netdev_run_todo+0x327/0xea0 [ 264.814735][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 264.814768][ T38] ? mutex_lock_nested+0x16a/0x1d0 [ 264.814783][ T38] ? _copy_from_user+0x94/0xb0 [ 264.814807][ T38] ip6_mroute_setsockopt+0x866/0xf00 [ 264.814837][ T38] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 264.814889][ T38] do_ipv6_setsockopt+0x35a/0x2eb0 [ 264.814916][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.814938][ T38] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 264.814955][ T38] ? css_rstat_updated+0x23a/0x4f0 [ 264.815027][ T38] ? __pfx_css_rstat_updated+0x10/0x10 [ 264.815073][ T38] ? count_memcg_event_mm+0x21/0x260 [ 264.815100][ T38] ? count_memcg_event_mm+0x21/0x260 [ 264.815119][ T38] ? count_memcg_event_mm+0x21/0x260 [ 264.815145][ T38] ? handle_mm_fault+0x30eb/0x3400 [ 264.815166][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 264.815200][ T38] ? __lock_acquire+0xab9/0xd20 [ 264.815229][ T38] ipv6_setsockopt+0x59/0x170 [ 264.815253][ T38] rawv6_setsockopt+0x23b/0x5b0 [ 264.815276][ T38] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 264.815307][ T38] ? sock_common_setsockopt+0x36/0xc0 [ 264.815327][ T38] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 264.815348][ T38] do_sock_setsockopt+0x17c/0x1b0 [ 264.815376][ T38] __x64_sys_setsockopt+0x145/0x1b0 [ 264.815403][ T38] do_syscall_64+0xfa/0x3b0 [ 264.815424][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.815445][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.815463][ T38] ? clear_bhb_loop+0x60/0xb0 [ 264.815484][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.815502][ T38] RIP: 0033:0x7f034874ebe9 [ 264.815527][ T38] RSP: 002b:00007f034698d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 264.815546][ T38] RAX: ffffffffffffffda RBX: 00007f0348986090 RCX: 00007f034874ebe9 [ 264.815559][ T38] RDX: 00000000000000d4 RSI: 0000000000000029 RDI: 0000000000000003 [ 264.815570][ T38] RBP: 00007f03487d1e19 R08: 0000000000000004 R09: 0000000000000000 [ 264.815581][ T38] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 264.815593][ T38] R13: 00007f0348986128 R14: 00007f0348986090 R15: 00007ffe56b4cc88 [ 264.815623][ T38] [ 264.815658][ T38] [ 264.815658][ T38] Showing all locks held in the system: [ 264.815668][ T38] 2 locks held by kworker/0:1/10: [ 264.815679][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.815727][ T38] #1: ffffc900000f7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.815771][ T38] 3 locks held by kworker/u8:1/13: [ 264.815781][ T38] #0: ffff88814cc60938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.815824][ T38] #1: ffffc90000127bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.815869][ T38] #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 264.815913][ T38] 2 locks held by ktimers/1/29: [ 264.815922][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 264.815965][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 264.816020][ T38] 2 locks held by ksoftirqd/1/30: [ 264.816029][ T38] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 264.816071][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 264.816115][ T38] 1 lock held by khungtaskd/38: [ 264.816125][ T38] #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 264.816167][ T38] 3 locks held by kworker/u8:2/43: [ 264.816176][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.816221][ T38] #1: ffffc90000b47bc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.816265][ T38] #2: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.816344][ T38] 3 locks held by kworker/u8:7/1128: [ 264.816355][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.816398][ T38] #1: ffffc90004b57bc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.816441][ T38] #2: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.816480][ T38] 3 locks held by kworker/u8:8/1174: [ 264.816490][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.816531][ T38] #1: ffffc90004b67bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.816567][ T38] #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 264.816609][ T38] 3 locks held by kworker/u8:9/1281: [ 264.816618][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.816658][ T38] #1: ffffc900050d7bc0 ((work_completion)(©->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.816698][ T38] #2: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.816738][ T38] 4 locks held by kworker/1:2/1563: [ 264.816748][ T38] #0: ffff88805bcc7938 ((wq_completion)wg-crypt-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.816794][ T38] #1: ffffc90005347bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.816837][ T38] #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 264.816876][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 264.816929][ T38] 2 locks held by kworker/u8:10/4055: [ 264.816941][ T38] 2 locks held by getty/5593: [ 264.816951][ T38] #0: ffff88823bf388a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 264.816993][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 264.817036][ T38] 1 lock held by syz-executor/5838: [ 264.817045][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.817091][ T38] 2 locks held by kworker/1:4/5920: [ 264.817101][ T38] 3 locks held by kworker/1:5/5921: [ 264.817111][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 264.817153][ T38] #1: ffffc90005b87bc0 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 264.817196][ T38] #2: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x8c0 [ 264.817241][ T38] 1 lock held by syz.2.15/5985: [ 264.817251][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.817297][ T38] 4 locks held by kworker/1:6/6034: [ 264.817307][ T38] 2 locks held by kworker/1:7/6036: [ 264.817317][ T38] 2 locks held by kworker/1:9/6038: [ 264.817328][ T38] 2 locks held by kworker/1:12/6053: [ 264.817338][ T38] 2 locks held by kworker/1:13/6054: [ 264.817348][ T38] 1 lock held by syz-executor/6143: [ 264.817357][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.817398][ T38] 2 locks held by syz-executor/6185: [ 264.817407][ T38] #0: ffffffff8ecc53c0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 264.817447][ T38] #1: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 264.817494][ T38] 1 lock held by syz.3.145/6308: [ 264.817504][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.817543][ T38] 1 lock held by syz.1.148/6312: [ 264.817553][ T38] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 264.817592][ T38] 2 locks held by syz-executor/6326: [ 264.817601][ T38] #0: ffff888068e60e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 264.817642][ T38] #1: ffff888068e600a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 264.817685][ T38] 3 locks held by syz-executor/6330: [ 264.817695][ T38] #0: ffff88804ee98e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 264.817741][ T38] #1: ffff88804ee980a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 264.817782][ T38] #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 264.817828][ T38] 1 lock held by syz.4.161/6350: [ 264.817838][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 264.817882][ T38] 3 locks held by syz-executor/6354: [ 264.817891][ T38] #0: ffff8880369a8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 264.817931][ T38] #1: ffff8880369a80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 264.817973][ T38] #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 264.818018][ T38] 4 locks held by syz-executor/6365: [ 264.818028][ T38] #0: ffff888066f48e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 264.818066][ T38] #1: ffff888066f480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 264.818107][ T38] #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 264.818152][ T38] #3: ffff888050d2cb58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 264.818201][ T38] 3 locks held by syz-executor/6370: [ 264.818210][ T38] #0: ffff888050f7ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 264.818256][ T38] #1: ffff888050f7c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 264.818304][ T38] #2: ffffffff8ee39c38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 264.818349][ T38] 1 lock held by syz-executor/6377: [ 264.818359][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 264.818400][ T38] 1 lock held by syz-executor/6383: [ 264.818410][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 264.818452][ T38] 1 lock held by syz-executor/6389: [ 264.818461][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 264.818501][ T38] 1 lock held by syz-executor/6400: [ 264.818510][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 264.818557][ T38] 1 lock held by syz-executor/6404: [ 264.818566][ T38] #0: ffffffff8ecd22b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 264.818619][ T38] [ 264.818624][ T38] ============================================= [ 264.818624][ T38] [ 264.818644][ T38] NMI backtrace for cpu 0 [ 264.818673][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 264.818703][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.818713][ T38] Call Trace: [ 264.818721][ T38] [ 264.818728][ T38] dump_stack_lvl+0x189/0x250 [ 264.818755][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.818777][ T38] ? __pfx__printk+0x10/0x10 [ 264.818808][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 264.818829][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 264.818850][ T38] ? __pfx__printk+0x10/0x10 [ 264.818871][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 264.818894][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 264.818915][ T38] watchdog+0xf93/0xfe0 [ 264.818941][ T38] ? watchdog+0x1de/0xfe0 [ 264.818966][ T38] kthread+0x711/0x8a0 [ 264.818993][ T38] ? __pfx_watchdog+0x10/0x10 [ 264.819012][ T38] ? __pfx_kthread+0x10/0x10 [ 264.819038][ T38] ? __pfx_kthread+0x10/0x10 [ 264.819061][ T38] ret_from_fork+0x3f9/0x770 [ 264.819085][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 264.819111][ T38] ? __switch_to_asm+0x39/0x70 [ 264.819126][ T38] ? __switch_to_asm+0x33/0x70 [ 264.819140][ T38] ? __pfx_kthread+0x10/0x10 [ 264.819164][ T38] ret_from_fork_asm+0x1a/0x30 [ 264.819200][ T38] [ 264.819207][ T38] Sending NMI from CPU 0 to CPUs 1: [ 264.819231][ C1] NMI backtrace for cpu 1 [ 264.819248][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 264.819278][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.819287][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x2b/0xa0 [ 264.819310][ C1] Code: 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 e0 f5 91 65 44 8b 05 67 7e 37 10 41 81 e0 00 00 ff 00 ba 00 01 00 00 23 91 0c 0b 00 00 <41> 89 d1 45 09 c1 74 12 45 85 c0 75 5b 85 d2 74 57 83 b9 d4 15 00 [ 264.819323][ C1] RSP: 0018:ffffc90000a3edc0 EFLAGS: 00000206 [ 264.819338][ C1] RAX: ffffffff84ed9d29 RBX: 0000000000000000 RCX: ffff88801cac1dc0 [ 264.819350][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 264.819360][ C1] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000100 [ 264.819370][ C1] R10: dffffc0000000000 R11: ffffed1004a7c801 R12: dffffc0000000000 [ 264.819382][ C1] R13: ffff888069ae8b0a R14: ffff888069ae8b00 R15: 0000000000000000 [ 264.819394][ C1] FS: 0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000 [ 264.819407][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 264.819418][ C1] CR2: 00007f2926a58590 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 264.819433][ C1] Call Trace: [ 264.819438][ C1] [ 264.819444][ C1] ip_fast_csum+0x49/0x2b0 [ 264.819462][ C1] __ip_local_out+0x12c/0x600 [ 264.819486][ C1] ip_local_out+0x26/0x70 [ 264.819507][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 264.819535][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 264.819555][ C1] ? nft_osf_dump+0x98/0x220 [ 264.819575][ C1] ? synproxy_pernet+0x45/0x270 [ 264.819600][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 264.819625][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 264.819649][ C1] ? nf_ip_checksum+0x13c/0x510 [ 264.819674][ C1] nft_synproxy_do_eval+0x345/0x570 [ 264.819704][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 264.819726][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 264.819752][ C1] nft_do_chain+0x409/0x1920 [ 264.819781][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 264.819816][ C1] ? try_to_take_rt_mutex+0x840/0xb00 [ 264.819837][ C1] nft_do_chain_inet+0x25d/0x340 [ 264.819858][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 264.819879][ C1] ? __lock_acquire+0xab9/0xd20 [ 264.819904][ C1] ? NF_HOOK+0x9a/0x3a0 [ 264.819921][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 264.819943][ C1] nf_hook_slow+0xc5/0x220 [ 264.819964][ C1] NF_HOOK+0x206/0x3a0 [ 264.819983][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 264.820001][ C1] ? NF_HOOK+0x9a/0x3a0 [ 264.820018][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 264.820039][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 264.820059][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 264.820078][ C1] ? skb_dst+0x4f/0xd0 [ 264.820096][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 264.820116][ C1] NF_HOOK+0x30c/0x3a0 [ 264.820134][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 264.820151][ C1] ? NF_HOOK+0x9a/0x3a0 [ 264.820168][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 264.820186][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 264.820209][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 264.820225][ C1] __netif_receive_skb+0x143/0x380 [ 264.820242][ C1] ? rt_spin_unlock+0x65/0x80 [ 264.820260][ C1] ? process_backlog+0x27b/0x900 [ 264.820276][ C1] process_backlog+0x31e/0x900 [ 264.820299][ C1] __napi_poll+0xb6/0x540 [ 264.820317][ C1] net_rx_action+0x707/0xe00 [ 264.820343][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 264.820377][ C1] handle_softirqs+0x22c/0x710 [ 264.820400][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 264.820424][ C1] run_ktimerd+0xcf/0x190 [ 264.820443][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 264.820462][ C1] ? schedule+0x91/0x360 [ 264.820484][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 264.820501][ C1] smpboot_thread_fn+0x542/0xa60 [ 264.820526][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 264.820548][ C1] kthread+0x711/0x8a0 [ 264.820570][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 264.820588][ C1] ? __pfx_kthread+0x10/0x10 [ 264.820612][ C1] ? __pfx_kthread+0x10/0x10 [ 264.820633][ C1] ret_from_fork+0x3f9/0x770 [ 264.820653][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 264.820674][ C1] ? __switch_to_asm+0x39/0x70 [ 264.820688][ C1] ? __switch_to_asm+0x33/0x70 [ 264.820702][ C1] ? __pfx_kthread+0x10/0x10 [ 264.820723][ C1] ret_from_fork_asm+0x1a/0x30 [ 264.820745][ C1] [ 264.821234][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 264.821247][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 264.821265][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.821274][ T38] Call Trace: [ 264.821286][ T38] [ 264.821293][ T38] dump_stack_lvl+0x99/0x250 [ 264.821317][ T38] ? __asan_memcpy+0x40/0x70 [ 264.821336][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.821359][ T38] ? __pfx__printk+0x10/0x10 [ 264.821389][ T38] vpanic+0x281/0x750 [ 264.821414][ T38] ? __pfx_vpanic+0x10/0x10 [ 264.821433][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 264.821451][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.821481][ T38] panic+0xb9/0xc0 [ 264.821502][ T38] ? __pfx_panic+0x10/0x10 [ 264.821527][ T38] ? irq_work_queue+0xc3/0x140 [ 264.821552][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 264.821573][ T38] watchdog+0xfd2/0xfe0 [ 264.821598][ T38] ? watchdog+0x1de/0xfe0 [ 264.821623][ T38] kthread+0x711/0x8a0 [ 264.821649][ T38] ? __pfx_watchdog+0x10/0x10 [ 264.821668][ T38] ? __pfx_kthread+0x10/0x10 [ 264.821694][ T38] ? __pfx_kthread+0x10/0x10 [ 264.821718][ T38] ret_from_fork+0x3f9/0x770 [ 264.821741][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 264.821767][ T38] ? __switch_to_asm+0x39/0x70 [ 264.821782][ T38] ? __switch_to_asm+0x33/0x70 [ 264.821797][ T38] ? __pfx_kthread+0x10/0x10 [ 264.821820][ T38] ret_from_fork_asm+0x1a/0x30 [ 264.821851][ T38] [ 264.822161][ T38] Kernel Offset: disabled