last executing test programs: 10m50.846183905s ago: executing program 3 (id=7): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x6, 0x1c, 0x67, 0x0, 0x0, 0x2, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x22, 0x0, 0x0, @empty}}}}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) socket(0x1e, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000280)='kfree\x00'}, 0x18) getdents(r3, &(0x7f0000001fc0)=""/184, 0x20002078) syz_open_procfs(0x0, &(0x7f00000001c0)='personality\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) 10m49.528963278s ago: executing program 3 (id=8): syz_usb_connect(0x4, 0x24, 0x0, 0x0) r0 = socket(0xa, 0x5, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0xce20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0) openat$autofs(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r6, 0x40086602, 0x0) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0186415, &(0x7f0000000100)={&(0x7f0000ffa000/0x4000)=nil, 0x10000, 0x0, 0x50}) ioctl$sock_bt_hci(r4, 0x400448c9, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) socket$inet_smc(0x2b, 0x1, 0x0) 10m44.761665461s ago: executing program 3 (id=10): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000050000000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket(0x40000000015, 0x5, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001040)={0xe, {"a2e3ad21ed6b0af9fcfbf4c087f74f9b3e096eff7fc6e5539b9b18098b9b4a1b2352091b080d29428f0e1ac6e7049b3468959b189a242a9b60f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x6e0447cf, 0x940) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4000c2, 0x1ff) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000003c0)={0xffffffffffffff55, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r7, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000280)={0xc, 0x0, 0x0}) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000002500), r10) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000580)=ANY=[@ANYRESHEX=r5, @ANYRES16=r8, @ANYBLOB="010027bd7000fcdbdf2507000000050001000000000059fc0200fe8000000000000000000000000000aa14000300ff0100000000000000000000000000012a00070073797374656d5f753a6f626a6563745f723a7572616e646f6d5f6465766963655f743a7330000000"], 0x70}, 0x1, 0x0, 0x0, 0x4008040}, 0x4040) ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r9, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r6, 0x3b8b, &(0x7f0000000080)={0x10, 0x1}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r6, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x100007c8) write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d020000000000000000000000003800010001017f00080003000000"], 0x78) close(r5) 10m42.851408934s ago: executing program 1 (id=2): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r1, 0x0, 0x0}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xf, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ecb5f9f500ab00000008004112040000000808950000000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r7 = fanotify_init(0x8, 0x80000) fanotify_mark(r7, 0x105, 0x4800003a, r6, 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x5020, &(0x7f0000000480)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}], [{@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}, {@dont_measure}, {@smackfsfloor={'smackfsfloor', 0x3d, 'upperdir'}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') mount$nfs(&(0x7f0000000540)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) r8 = fanotify_init(0x18, 0x0) fanotify_mark(r8, 0x105, 0x4800003a, r0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10m42.626814356s ago: executing program 3 (id=12): socket$inet6(0xa, 0x1, 0xfffffff9) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x10, 0x803, 0x0) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) ioctl$UFFDIO_WRITEPROTECT(r5, 0xc020aa08, &(0x7f0000000100)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x1}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) brk(0x200000ffa000) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x2000, 0x2}) syz_genetlink_get_family_id$ethtool(0x0, r4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, 0x0) syslog(0x4, 0x0, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x2000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 10m40.35787639s ago: executing program 3 (id=14): syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x4004004) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r1, 0x40043311, &(0x7f00000000c0)) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_clone(0x99a1cfb1edd42446, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x0) lstat(&(0x7f0000000400)='./cgroup\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000580)='./cgroup\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000180)='./cgroup\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000740)={{0x0, 0x0, r4, r5, r6, 0x13, 0x6}, 0x0, 0x0, 0x4, 0x9, 0x0, 0x1, 0xeb4f, 0xff, 0x4, 0x8, r2, r2}) r7 = syz_open_dev$vbi(&(0x7f00000001c0), 0x3, 0x2) capset(&(0x7f0000000040)={0x20071026}, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_linger(r9, 0x1, 0xd, &(0x7f0000000000)={0x1}, 0x8) setsockopt$sock_int(r9, 0x1, 0x21, &(0x7f0000000100), 0x4) getsockopt$inet6_tcp_buf(r9, 0x6, 0x1a, 0x0, &(0x7f0000000040)) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x3131354f, [0x400, 0x8000000], [0x8200, 0x1]}}}) ioctl$VIDIOC_QBUF(r7, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x2, {}, {0x0, 0x8, 0xfd, 0x0, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0xfffffffd}) r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) write$tcp_mem(r10, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48) 10m40.154191847s ago: executing program 1 (id=15): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="98549c4e16001d8cb60000000000000000000000120003006269746d61703a69702c6d61630000004c00078008000a400000002008001740000000000800124000000401080013400000000e080013400000010108001340000000071800018014000240fc0100000000000000000000000000011400078005001500fe000000080011400000009c050005000a00000005000100060000008fcc010f7b0e9d8bf1cc340ee6776f57e4e62aa8a665526de4b92e0c02a6b50b5b18ce65bad98be37dc7d9bff69fab7ce85ebb8c5b276fefac6769d15be591a2dd0d4afb06693e8ca7a39008321786d7cca3deb558148f001b02de"], 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x4004804) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newqdisc={0x2c4, 0x24, 0x200, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x3}, {0x8, 0x4}, {0xffff, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x0, 0xff}}, @TCA_RATE={0x6, 0x5, {0x80, 0xc}}, @TCA_RATE={0x6, 0x5, {0x80, 0x8}}, @TCA_STAB={0x80, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x2, 0xdf, 0x19767fdc, 0x1, 0x8, 0xe79, 0x6}}, {0x10, 0x2, [0x0, 0x8001, 0x10, 0x0, 0x4, 0x81]}}, {{0x1c, 0x1, {0xc3, 0x7f, 0x1, 0x2, 0x0, 0x3, 0x7ff, 0x4}}, {0xc, 0x2, [0x100, 0x5, 0x6, 0x4]}}, {{0x1c, 0x1, {0x7, 0x6, 0x7ff, 0xfffffffb, 0x3, 0x8, 0x2, 0x4}}, {0xc, 0x2, [0x1, 0x8, 0xa9b8, 0xfff8]}}]}, @qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0xea5, 0xee99, 0xfff}}}}, @TCA_STAB={0x1a8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd8, 0x1a, 0x55d6, 0x819d, 0x1, 0x2, 0x2, 0x5}}, {0xe, 0x2, [0xfff, 0x10, 0x100, 0xfc00, 0xfca]}}, {{0x1c, 0x1, {0x2, 0x8, 0x6, 0x1, 0x5, 0x3, 0x4, 0x4}}, {0xc, 0x2, [0x3, 0x8c, 0x4, 0x9]}}, {{0x1c, 0x1, {0x9, 0x80, 0x11e, 0x6, 0x1, 0x4, 0x6, 0x2}}, {0x8, 0x2, [0x2, 0xf]}}, {{0x1c, 0x1, {0x8, 0x4, 0xd87, 0x2, 0x2, 0x401, 0x6, 0x1}}, {0x6, 0x2, [0x101]}}, {{0x1c, 0x1, {0xe8, 0x6, 0x8bbf, 0x5, 0x2, 0x7fff, 0x8001, 0x8}}, {0x14, 0x2, [0x2, 0xc, 0xe618, 0xb, 0x3, 0x6, 0x2, 0x1]}}, {{0x1c, 0x1, {0xfb, 0xf4, 0x4, 0x224, 0x2, 0x3, 0x1fde62ee, 0x3}}, {0xa, 0x2, [0x1, 0x2, 0x4]}}, {{0x1c, 0x1, {0xb, 0x3f, 0xfff7, 0x7, 0x0, 0x6, 0x5, 0x6}}, {0x10, 0x2, [0x2, 0x7, 0x8, 0x9, 0x40, 0x9]}}, {{0x1c, 0x1, {0xf, 0x93, 0xc, 0x6, 0x4c27345c60f4ea1a, 0xd, 0x80000000, 0xa}}, {0x18, 0x2, [0x4, 0x1, 0x400, 0x401, 0x0, 0x6, 0x5, 0xf351, 0x1f, 0xcebf]}}, {{0x1c, 0x1, {0x0, 0x9, 0x200, 0x1, 0x2, 0x80000001, 0x75, 0x3}}, {0xa, 0x2, [0x3, 0x3, 0x8]}}, {{0x1c, 0x1, {0xe, 0xa, 0x8000, 0x4, 0x0, 0x808, 0x1, 0x3}}, {0xa, 0x2, [0xfd, 0x5, 0x2]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_fq_pie={{0xb}, {0x2c, 0x2, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xc94d}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf028}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x15}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4000}]}}]}, 0x2c4}, 0x1, 0x0, 0x0, 0xc8a5}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x7) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) getsockopt$netlink(r2, 0x10e, 0x8, &(0x7f00000001c0)=""/42, &(0x7f0000000280)=0x2a) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00'}, 0x10) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]}) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) ioctl$COMEDI_SETRSUBD(r0, 0x6410) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r6, 0x84, 0x7c, &(0x7f00000002c0)="010000000980ffff", 0x8) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'pcl812\x00', [0x2f00, 0x5, 0xd09a, 0x2, 0x0, 0x1, 0x1, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x0, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x9, 0x3, 0x4, 0x5, 0x70f]}) 10m29.357085503s ago: executing program 3 (id=20): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e) connect$pptp(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000001c0)={r1, &(0x7f0000000240), 0x0}, 0x20) r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) msync(&(0x7f0000580000/0x2000)=nil, 0x2000, 0x5) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x4e20, 0x0, @private1, 0x85bad93}]}, &(0x7f0000000080)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x6, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x92, &(0x7f0000000240)=""/146}, 0x94) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) 10m23.526126251s ago: executing program 32 (id=15): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="98549c4e16001d8cb60000000000000000000000120003006269746d61703a69702c6d61630000004c00078008000a400000002008001740000000000800124000000401080013400000000e080013400000010108001340000000071800018014000240fc0100000000000000000000000000011400078005001500fe000000080011400000009c050005000a00000005000100060000008fcc010f7b0e9d8bf1cc340ee6776f57e4e62aa8a665526de4b92e0c02a6b50b5b18ce65bad98be37dc7d9bff69fab7ce85ebb8c5b276fefac6769d15be591a2dd0d4afb06693e8ca7a39008321786d7cca3deb558148f001b02de"], 0x98}, 0x1, 0x0, 0x0, 0x80}, 0x4004804) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b40)=@newqdisc={0x2c4, 0x24, 0x200, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x3}, {0x8, 0x4}, {0xffff, 0x3}}, [@TCA_RATE={0x6, 0x5, {0x0, 0xff}}, @TCA_RATE={0x6, 0x5, {0x80, 0xc}}, @TCA_RATE={0x6, 0x5, {0x80, 0x8}}, @TCA_STAB={0x80, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x2, 0xdf, 0x19767fdc, 0x1, 0x8, 0xe79, 0x6}}, {0x10, 0x2, [0x0, 0x8001, 0x10, 0x0, 0x4, 0x81]}}, {{0x1c, 0x1, {0xc3, 0x7f, 0x1, 0x2, 0x0, 0x3, 0x7ff, 0x4}}, {0xc, 0x2, [0x100, 0x5, 0x6, 0x4]}}, {{0x1c, 0x1, {0x7, 0x6, 0x7ff, 0xfffffffb, 0x3, 0x8, 0x2, 0x4}}, {0xc, 0x2, [0x1, 0x8, 0xa9b8, 0xfff8]}}]}, @qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0xea5, 0xee99, 0xfff}}}}, @TCA_STAB={0x1a8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd8, 0x1a, 0x55d6, 0x819d, 0x1, 0x2, 0x2, 0x5}}, {0xe, 0x2, [0xfff, 0x10, 0x100, 0xfc00, 0xfca]}}, {{0x1c, 0x1, {0x2, 0x8, 0x6, 0x1, 0x5, 0x3, 0x4, 0x4}}, {0xc, 0x2, [0x3, 0x8c, 0x4, 0x9]}}, {{0x1c, 0x1, {0x9, 0x80, 0x11e, 0x6, 0x1, 0x4, 0x6, 0x2}}, {0x8, 0x2, [0x2, 0xf]}}, {{0x1c, 0x1, {0x8, 0x4, 0xd87, 0x2, 0x2, 0x401, 0x6, 0x1}}, {0x6, 0x2, [0x101]}}, {{0x1c, 0x1, {0xe8, 0x6, 0x8bbf, 0x5, 0x2, 0x7fff, 0x8001, 0x8}}, {0x14, 0x2, [0x2, 0xc, 0xe618, 0xb, 0x3, 0x6, 0x2, 0x1]}}, {{0x1c, 0x1, {0xfb, 0xf4, 0x4, 0x224, 0x2, 0x3, 0x1fde62ee, 0x3}}, {0xa, 0x2, [0x1, 0x2, 0x4]}}, {{0x1c, 0x1, {0xb, 0x3f, 0xfff7, 0x7, 0x0, 0x6, 0x5, 0x6}}, {0x10, 0x2, [0x2, 0x7, 0x8, 0x9, 0x40, 0x9]}}, {{0x1c, 0x1, {0xf, 0x93, 0xc, 0x6, 0x4c27345c60f4ea1a, 0xd, 0x80000000, 0xa}}, {0x18, 0x2, [0x4, 0x1, 0x400, 0x401, 0x0, 0x6, 0x5, 0xf351, 0x1f, 0xcebf]}}, {{0x1c, 0x1, {0x0, 0x9, 0x200, 0x1, 0x2, 0x80000001, 0x75, 0x3}}, {0xa, 0x2, [0x3, 0x3, 0x8]}}, {{0x1c, 0x1, {0xe, 0xa, 0x8000, 0x4, 0x0, 0x808, 0x1, 0x3}}, {0xa, 0x2, [0xfd, 0x5, 0x2]}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_fq_pie={{0xb}, {0x2c, 0x2, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xc94d}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf028}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x15}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4000}]}}]}, 0x2c4}, 0x1, 0x0, 0x0, 0xc8a5}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x7) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) getsockopt$netlink(r2, 0x10e, 0x8, &(0x7f00000001c0)=""/42, &(0x7f0000000280)=0x2a) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000540)='afs_get_tree\x00'}, 0x10) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000000)={[{@dyn}]}) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) ioctl$COMEDI_SETRSUBD(r0, 0x6410) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r6, 0x84, 0x7c, &(0x7f00000002c0)="010000000980ffff", 0x8) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'pcl812\x00', [0x2f00, 0x5, 0xd09a, 0x2, 0x0, 0x1, 0x1, 0x9, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x0, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x9, 0x3, 0x4, 0x5, 0x70f]}) 10m13.883985004s ago: executing program 33 (id=20): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e) connect$pptp(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e000000040000000400000002"], 0x50) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000001c0)={r1, &(0x7f0000000240), 0x0}, 0x20) r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1a01, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) msync(&(0x7f0000580000/0x2000)=nil, 0x2000, 0x5) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x4e20, 0x0, @private1, 0x85bad93}]}, &(0x7f0000000080)=0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x6, &(0x7f0000000140)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x2, 0x92, &(0x7f0000000240)=""/146}, 0x94) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) 5m53.905462597s ago: executing program 2 (id=285): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xa20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = openat$kvm(0x0, 0x0, 0x2382, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) socket$rxrpc(0x21, 0x2, 0xa) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000340)='./file0\x00', 0x0, 0x18}, 0x18) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x0, 0x0, 0x50424752, 0x0, 0xd, [{}, {}, {}, {0xf, 0xd}, {}, {0x0, 0xfffffffe}, {0x7}], 0x0, 0x0, 0x0, 0x0, 0x6}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$rtc(&(0x7f00000004c0), 0x0, 0x0) syz_io_uring_setup(0x1e1e, &(0x7f00000003c0)={0x0, 0x3da2, 0x4, 0x3, 0xdd}, &(0x7f0000000440)=0x0, 0x0) syz_io_uring_submit(r7, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0xc040) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x10, 0x0) chroot(&(0x7f0000000180)='./file0\x00') umount2(&(0x7f00000001c0)='./file0\x00', 0x0) sendmmsg$inet6(r0, &(0x7f0000000340), 0x0, 0x10000055) 5m50.962209628s ago: executing program 2 (id=287): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) openat$dsp(0xffffffffffffff9c, 0x0, 0xa8202, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) io_uring_enter(0xffffffffffffffff, 0x5441, 0xaecd, 0x5, &(0x7f0000000480)={[0x3]}, 0x8) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d8, 0x180, 0x0, 0x200, 0x0, 0x0, 0x250, 0x2e8, 0x2e8, 0x250, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}, {{@ipv6={@local, @empty, [], [], 'ip6_vti0\x00', 'veth0\x00', {}, {}, 0x21}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x338) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb00148008000d"], 0xf8}, 0x1, 0x0, 0x0, 0x8890}, 0xc000) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000180)={0x28, 0x2, 0x0, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) r5 = add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe) r6 = add_key$user(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000001180)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b", 0x61, 0xffffffffffffffff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000000408010800000000000000000500000806000240fbfb000005000300110099b2"], 0x24}, 0x1, 0x0, 0x0, 0x20040081}, 0x4000) keyctl$dh_compute(0x17, &(0x7f0000000380)={r5, r6, r5}, &(0x7f0000000280)=""/190, 0xbe, &(0x7f00000003c0)={&(0x7f0000000340)={'xxhash64-generic\x00'}}) keyctl$setperm(0x5, r6, 0x2000) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x15) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000400), 0x2083, 0x0) 5m49.034608381s ago: executing program 2 (id=289): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_buf(r0, 0x29, 0x4, &(0x7f00000004c0)="9bb9bb65cedfbf4f1b49a037e8ca58a2a3932e4d8662c8d00fd82bac59985169f6e1472aee233478d2449763ccbb92a1ca69afe835a4faf947a62cf61afec25e4d29afbcaadd61deb97fcc2e978f2e3538ace7a2d13cebda74d7e89bbea78eddfde3f93869dab2ef89468e925441ad466992ef4de40a6447ada9db7bf0286dbea29f", 0x4d) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, &(0x7f00000001c0)={0x0, "9800003de8f644ad6c8a55930700", 0x3}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0xfffffffc, 0x0, {{@in=@private=0xa010101, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x100000}, [@migrate={0x9c, 0x11, [{@in6=@ipv4={'\x00', '\xff\xff', @local}, @in6=@mcast1, @in=@private=0xa010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x2, 0x2}, {@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@mcast1, @in=@private=0xa010102, @in=@loopback, 0x33, 0x1, 0x0, 0x3506, 0xa, 0x8}]}]}, 0xec}}, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x40, 0x0) execve(0x0, 0x0, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r7, 0x40405514, &(0x7f0000000200)={0x9, 0x2, 0x80000000, 0x5, '\x00', 0x13}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r8, 0xc1105511, &(0x7f0000000040)={0x9, 0x0, 0x40, 0x10000, 'syz1\x00', 0x4000000}) execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) execve(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)={[0x0]}, 0x0) 5m45.993721434s ago: executing program 2 (id=295): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffffaaaaa8aaaabb86dd0001"], 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0) r4 = memfd_create(0x0, 0x2) fcntl$addseals(r4, 0x409, 0x8) r5 = socket$inet_smc(0x2b, 0x1, 0x0) r6 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x1, 0x4}) mq_getsetattr(r6, &(0x7f0000000700)={0x800, 0x10, 0x9}, 0x0) mq_timedreceive(r6, &(0x7f0000000340)=""/195, 0xc3, 0x0, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) r7 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0xf, 0x0, 0x0, 0x7995}, 0x10007, 0x0, 0x0, 0x48000000, 0x0, 0x40000000, 0x0}) ioctl$USBDEVFS_REAPURB(r7, 0x4008550c, &(0x7f00000011c0)) setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r5, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) 5m42.896660179s ago: executing program 2 (id=297): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff4e53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a1574aefc97d8addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf73b18e509402a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff7873"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x28) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 5m40.537415518s ago: executing program 2 (id=300): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsetxattr(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='@trfs..dev/vcs'], &(0x7f0000000280)='\x00', 0x1, 0x3) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0xd5}, 0x0, &(0x7f00000001c0)=0x0) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) fcntl$setstatus(r7, 0x4, 0x2000) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x11, 0xa, 0x0) getsockname$packet(r9, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) 5m24.560054483s ago: executing program 34 (id=300): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) fsetxattr(r0, &(0x7f0000000100)=ANY=[@ANYBLOB='@trfs..dev/vcs'], &(0x7f0000000280)='\x00', 0x1, 0x3) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) sendto$inet(r4, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0xd5}, 0x0, &(0x7f00000001c0)=0x0) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) fcntl$setstatus(r7, 0x4, 0x2000) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x11, 0xa, 0x0) getsockname$packet(r9, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0x103, 0x0, 0x4) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) 1m9.52532128s ago: executing program 5 (id=705): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086e05fe0000000000000109022400010000b00009040000080300000009210000000122460009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="0001460000004300a7ea3163fdfa96ce2c8d95"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1m7.161563692s ago: executing program 5 (id=708): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'batadv_slave_0\x00'}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a017f7f00000000000000050000000900010073797a30000000000900030073797a300000000008000a400000000328000480080002400000001208000140000000000d0003"], 0xac}}, 0x0) 1m7.105638562s ago: executing program 5 (id=709): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e24, 0x0, @mcast2, 0xc}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x19, 0xfffffffffffffffd, &(0x7f0000003080)=0x7a) 1m7.030534456s ago: executing program 5 (id=710): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_TABLE(r0, 0x0, 0xcf, 0x0, 0x0) 1m6.741738543s ago: executing program 5 (id=712): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff"], 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1m4.261673807s ago: executing program 5 (id=716): unshare(0x20000400) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 56.56205056s ago: executing program 4 (id=725): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x40, 0x12, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 52.797760633s ago: executing program 4 (id=727): syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f0510660548020003010902120001049570810904008100ffffff02"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r0, &(0x7f0000000080)=[{&(0x7f0000001740)="88b9", 0x2}], 0x1) 51.142899754s ago: executing program 4 (id=729): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc29c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1000, 0x6, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002207000000abc9a4"], 0x0}, 0x0) 49.126215985s ago: executing program 0 (id=730): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b00010000100009045507010349020009058203"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x4, @string={0x4, 0x3, "75db"}}}, 0x0) 48.997698626s ago: executing program 35 (id=716): unshare(0x20000400) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 48.964382571s ago: executing program 4 (id=732): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}) r5 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r8, 0x2, {0x0, 0xff, 0x7}, 0xfe}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r9, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, 0x0, 0x0) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x1d, 0x0, 0x80000000000000, {0x0, 0xf0, 0x2}}, 0x18, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x400c000}, 0xee) fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0) 47.577865582s ago: executing program 4 (id=733): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0xf, {[@global=@item_012={0x2, 0x1, 0x5, '\x00\x00'}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @main=@item_012={0x0, 0x0, 0x8}, @global=@item_012={0x0, 0x1, 0x6}, @local=@item_4={0x3, 0x2, 0x9, ';\\tP'}]}}, 0x0}, 0x0) 45.506292871s ago: executing program 0 (id=734): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x21, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) openat$comedi(0xffffffffffffff9c, &(0x7f0000002180)='/dev/comedi0\x00', 0x88602, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) keyctl$get_persistent(0x16, 0xee00, 0xffffffffffffffff) 42.489574472s ago: executing program 4 (id=735): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x44, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x80) 42.48870743s ago: executing program 0 (id=736): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/anycast6\x00') read$FUSE(r0, &(0x7f0000008580)={0x2020}, 0xfffffef2) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/241, 0xf1}], 0x1, 0xffffbdea, 0x0) 42.488396957s ago: executing program 0 (id=737): r0 = io_uring_setup(0x115c, &(0x7f00000000c0)={0x0, 0x8270, 0x40, 0x3, 0x117}) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000940)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x70, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x40, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x9, 0x0, 0x0, {0x7, 0x25, 0x1, 0x80, 0x2, 0x81}}}}}}}]}}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) 39.255236258s ago: executing program 0 (id=738): r0 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e22, @broadcast}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) 39.207236223s ago: executing program 0 (id=739): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180"], 0x8c}}, 0x0) listen(r4, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r8, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x3, r9, 0x0, 0x0, 0x43, &(0x7f0000000240)="eeaa327af1976a5790f526f61a108cba7e979ec9a0d3c6c46b9a6880af1cc8658705c1b5901e989b7daf7e79ba82ffd3d334ddecdefc605268c876ea9ada98dd460709"}) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) 19.037818947s ago: executing program 36 (id=739): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0xee31b000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003805c0003800c000180"], 0x8c}}, 0x0) listen(r4, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r8, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x3, r9, 0x0, 0x0, 0x43, &(0x7f0000000240)="eeaa327af1976a5790f526f61a108cba7e979ec9a0d3c6c46b9a6880af1cc8658705c1b5901e989b7daf7e79ba82ffd3d334ddecdefc605268c876ea9ada98dd460709"}) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) 0s ago: executing program 37 (id=735): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x44, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x9}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000010}, 0x80) kernel console output (not intermixed with test programs): ] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.068131][ T5855] Bluetooth: hci3: command tx timeout [ 396.114851][ C0] vkms_vblank_simulate: vblank timer overrun [ 396.315124][ T7280] binder: 7277:7280 ioctl c018620c 200000000000 returned -22 [ 396.539952][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.161225][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.192805][ T1109] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.826665][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.286908][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.441640][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.655364][ T5855] Bluetooth: hci3: command tx timeout [ 399.163776][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.310978][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.540722][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.091143][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.330381][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.725325][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.286753][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.408639][ T7309] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 402.296083][ C0] vkms_vblank_simulate: vblank timer overrun [ 402.328786][ C0] vkms_vblank_simulate: vblank timer overrun [ 402.779840][ T7322] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 403.235833][ C0] vkms_vblank_simulate: vblank timer overrun [ 403.291533][ C0] vkms_vblank_simulate: vblank timer overrun [ 403.457877][ T7183] chnl_net:caif_netlink_parms(): no params data found [ 404.620489][ T7335] /dev/nullb0: Can't open blockdev [ 405.397486][ C0] vkms_vblank_simulate: vblank timer overrun [ 405.680768][ C0] vkms_vblank_simulate: vblank timer overrun [ 406.046913][ C0] vkms_vblank_simulate: vblank timer overrun [ 406.996482][ C0] vkms_vblank_simulate: vblank timer overrun [ 407.177704][ T7359] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 407.184196][ C0] vkms_vblank_simulate: vblank timer overrun [ 408.011007][ C0] vkms_vblank_simulate: vblank timer overrun [ 408.124819][ C0] vkms_vblank_simulate: vblank timer overrun [ 408.641508][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.783930][ C0] vkms_vblank_simulate: vblank timer overrun [ 409.885249][ T7232] chnl_net:caif_netlink_parms(): no params data found [ 410.016880][ T1109] bridge_slave_1: left allmulticast mode [ 410.016911][ T1109] bridge_slave_1: left promiscuous mode [ 410.018777][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.195373][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.454880][ T7386] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 410.456942][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.159431][ T1109] bridge_slave_0: left allmulticast mode [ 411.159465][ T1109] bridge_slave_0: left promiscuous mode [ 411.159745][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.473091][ C0] vkms_vblank_simulate: vblank timer overrun [ 412.334131][ C0] vkms_vblank_simulate: vblank timer overrun [ 412.768171][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.285765][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.688926][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.728337][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.770111][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.843038][ T1109] bridge_slave_1: left allmulticast mode [ 413.843336][ T1109] bridge_slave_1: left promiscuous mode [ 413.844451][ C0] vkms_vblank_simulate: vblank timer overrun [ 413.877753][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.044360][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.126412][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.189074][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.278592][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.709779][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.989542][ T1109] bridge_slave_0: left allmulticast mode [ 414.989572][ T1109] bridge_slave_0: left promiscuous mode [ 414.989801][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.052769][ T7403] binder: BINDER_SET_CONTEXT_MGR already set [ 415.052783][ T7403] binder: 7401:7403 ioctl 4018620d 200000004a80 returned -16 [ 415.523287][ C0] vkms_vblank_simulate: vblank timer overrun [ 416.514793][ C0] vkms_vblank_simulate: vblank timer overrun [ 416.575325][ C0] vkms_vblank_simulate: vblank timer overrun [ 416.946781][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.092589][ C0] vkms_vblank_simulate: vblank timer overrun [ 417.510113][ T7420] netlink: 76 bytes leftover after parsing attributes in process `syz.2.300'. [ 418.250581][ T7423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 418.794040][ T1109] bond0 (unregistering): Released all slaves [ 419.958333][ T1109] bond0 (unregistering): Released all slaves [ 420.633895][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.759488][ T7437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 421.082781][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.500562][ T7433] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 421.591338][ T1109] bond0 (unregistering): Released all slaves [ 424.686299][ T38] kauditd_printk_skb: 2 callbacks suppressed [ 424.686337][ T38] audit: type=1326 audit(1757024591.310:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7442 comm="syz.4.306" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x0 [ 428.253139][ T7461] binder: BINDER_SET_CONTEXT_MGR already set [ 428.253166][ T7461] binder: 7456:7461 ioctl 4018620d 200000004a80 returned -16 [ 428.428997][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.482076][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.852194][ T7466] random: crng reseeded on system resumption [ 429.260281][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.489511][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.702130][ T7470] CUSE: unknown device info "KJ éH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,°ð<Ö_e¤FÀÆ" [ 429.702189][ T7470] CUSE: unknown device info "3ÜŸ•,²¥Ì˜õ" [ 429.702227][ T7470] CUSE: unknown device info "Jô©Ð2S Zûü !e/ëÅúãõž‘­J½+-n´¸a4¼ßØÁDÿ|G$öó­5O~©q ´ƒ [ 429.702227][ T7470] f𳦧ìýzóÚXÁSAäx¡Ùjª½T¾Ç”¨åw— üæšxRÉQ÷®(hÒj pøVdY0¨Æ|M?2JÿúIšvö^RÎ@´å" [ 429.702270][ T7470] CUSE: unknown device info "!ToÛ}Ý&|L+U²®oæõϲ±„Ð"–¨FstVµ:׌E• gJºî‹ÂÁ<@cÁ”²ûŽ4ÊTáM˜M|©·š‚ô" [ 429.702308][ T7470] CUSE: DEVNAME unspecified [ 429.717870][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.724298][ T38] audit: type=1326 audit(1757024596.350:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7467 comm="syz.0.311" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd7d9ccebe9 code=0x0 [ 430.200044][ C1] vkms_vblank_simulate: vblank timer overrun [ 430.390439][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.033352][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.193455][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.222190][ C1] vkms_vblank_simulate: vblank timer overrun [ 431.519437][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.368210][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.739396][ C1] vkms_vblank_simulate: vblank timer overrun [ 433.097137][ T7485] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 433.122416][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.489998][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.532294][ T1109] bond0 (unregistering): Released all slaves [ 435.459698][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 435.494414][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 435.495620][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 435.515514][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 435.520178][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 436.179326][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.415830][ C1] vkms_vblank_simulate: vblank timer overrun [ 437.301553][ C1] vkms_vblank_simulate: vblank timer overrun [ 438.232357][ C1] vkms_vblank_simulate: vblank timer overrun [ 438.283177][ T5855] Bluetooth: hci4: command tx timeout [ 438.525546][ C1] vkms_vblank_simulate: vblank timer overrun [ 439.605909][ C1] vkms_vblank_simulate: vblank timer overrun [ 440.043369][ T7519] binder: BINDER_SET_CONTEXT_MGR already set [ 440.043384][ T7519] binder: 7512:7519 ioctl 4018620d 200000004a80 returned -16 [ 440.044867][ T7516] netlink: 20 bytes leftover after parsing attributes in process `syz.4.320'. [ 440.474370][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 440.528182][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 440.530328][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 440.535070][ C1] vkms_vblank_simulate: vblank timer overrun [ 440.564211][ T59] Bluetooth: hci4: command tx timeout [ 440.574792][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 440.585113][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 441.609538][ T7528] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 441.609616][ T7528] CIFS mount error: No usable UNC path provided in device string! [ 441.609616][ T7528] [ 441.609943][ T7528] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 442.628421][ T59] Bluetooth: hci4: command tx timeout [ 442.709210][ T59] Bluetooth: hci5: command tx timeout [ 444.641045][ T7232] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.641266][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.641495][ T7232] bridge_slave_0: entered allmulticast mode [ 444.647469][ T7232] bridge_slave_0: entered promiscuous mode [ 444.742174][ T59] Bluetooth: hci4: command tx timeout [ 444.757887][ T7232] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.758031][ T7232] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.758236][ T7232] bridge_slave_1: entered allmulticast mode [ 444.778051][ T7232] bridge_slave_1: entered promiscuous mode [ 444.787789][ T59] Bluetooth: hci5: command tx timeout [ 445.185624][ T7546] netlink: 20 bytes leftover after parsing attributes in process `syz.0.331'. [ 445.211910][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.211977][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.404721][ T7548] vivid-004: disconnect [ 446.867846][ T59] Bluetooth: hci5: command tx timeout [ 447.437910][ T1109] hsr_slave_0: left promiscuous mode [ 447.840973][ T1109] hsr_slave_1: left promiscuous mode [ 448.055271][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 448.348064][ T7550] vivid-004: reconnect [ 448.355976][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 448.708848][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 449.175297][ T7556] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 449.391868][ T59] Bluetooth: hci5: command tx timeout [ 450.428007][ T1109] hsr_slave_0: left promiscuous mode [ 451.247315][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 451.258988][ T1109] hsr_slave_1: left promiscuous mode [ 451.260197][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 451.260220][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 451.261704][ T7560] Driver unsupported XDP return value 0 on prog (id 157) dev N/A, expect packet loss! [ 451.272202][ T7561] program syz.0.326 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 451.313518][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 451.327311][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 451.348304][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 451.350524][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 451.380806][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 451.380832][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 451.721262][ T7571] binder: BINDER_SET_CONTEXT_MGR already set [ 451.721276][ T7571] binder: 7568:7571 ioctl 4018620d 200000004a80 returned -16 [ 452.180667][ T1109] veth1_macvtap: left promiscuous mode [ 452.180782][ T1109] veth0_macvtap: left promiscuous mode [ 452.181077][ T1109] veth1_vlan: left promiscuous mode [ 452.181289][ T1109] veth0_vlan: left promiscuous mode [ 452.703789][ T7575] virtio-fs: tag not found [ 453.462924][ T59] Bluetooth: hci2: command tx timeout [ 455.281725][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.350463][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.507744][ T5855] Bluetooth: hci2: command tx timeout [ 456.089066][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 456.521579][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 457.432284][ C0] vkms_vblank_simulate: vblank timer overrun [ 457.652820][ T5855] Bluetooth: hci2: command tx timeout [ 457.661575][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.015845][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.761049][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.238944][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.325078][ T7614] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 459.753679][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.902611][ T7616] netlink: 8 bytes leftover after parsing attributes in process `syz.0.339'. [ 460.188502][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.191825][ T5855] Bluetooth: hci2: command tx timeout [ 460.529702][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.414264][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.701834][ T38] audit: type=1326 audit(1757024628.310:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.701884][ T38] audit: type=1326 audit(1757024628.340:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.704810][ T38] audit: type=1326 audit(1757024628.340:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.705249][ T38] audit: type=1326 audit(1757024628.340:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.705519][ T38] audit: type=1326 audit(1757024628.340:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.706197][ T38] audit: type=1326 audit(1757024628.340:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.706855][ T38] audit: type=1326 audit(1757024628.340:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.707171][ T38] audit: type=1326 audit(1757024628.340:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.884285][ T38] audit: type=1326 audit(1757024628.520:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 461.885003][ T38] audit: type=1326 audit(1757024628.520:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7625 comm="syz.4.343" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45f783ebe9 code=0x7ffc0000 [ 462.282651][ T5918] kernel write not supported for file /503/attr/sockcreate (pid: 5918 comm: kworker/0:4) [ 463.305679][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.443674][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.676468][ T7638] sctp: failed to load transform for md5: -2 [ 464.271828][ C0] vkms_vblank_simulate: vblank timer overrun [ 464.924918][ C0] vkms_vblank_simulate: vblank timer overrun [ 464.953909][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.950691][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.061661][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.078098][ T7657] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 467.735766][ T7662] evm: overlay not supported [ 467.737163][ C1] vkms_vblank_simulate: vblank timer overrun [ 467.771377][ C1] vkms_vblank_simulate: vblank timer overrun [ 467.956846][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.197142][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.389485][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.834192][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.987579][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.356450][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.506316][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.952034][ T7679] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 470.465621][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.025226][ C1] vkms_vblank_simulate: vblank timer overrun [ 471.928060][ C1] vkms_vblank_simulate: vblank timer overrun [ 472.006539][ C1] vkms_vblank_simulate: vblank timer overrun [ 472.368681][ T7692] netlink: 20 bytes leftover after parsing attributes in process `syz.4.355'. [ 472.570930][ C1] vkms_vblank_simulate: vblank timer overrun [ 472.770260][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.070569][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.250483][ T7695] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 473.294179][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.522345][ C1] vkms_vblank_simulate: vblank timer overrun [ 473.910368][ C1] vkms_vblank_simulate: vblank timer overrun [ 474.133119][ T7700] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 474.873058][ C1] vkms_vblank_simulate: vblank timer overrun [ 474.956668][ C1] vkms_vblank_simulate: vblank timer overrun [ 475.157658][ C1] vkms_vblank_simulate: vblank timer overrun [ 475.656036][ C1] vkms_vblank_simulate: vblank timer overrun [ 476.251844][ C1] vkms_vblank_simulate: vblank timer overrun [ 476.419386][ C1] vkms_vblank_simulate: vblank timer overrun [ 476.823215][ C1] vkms_vblank_simulate: vblank timer overrun [ 476.980460][ C1] vkms_vblank_simulate: vblank timer overrun [ 477.138914][ C1] vkms_vblank_simulate: vblank timer overrun [ 477.216229][ C1] vkms_vblank_simulate: vblank timer overrun [ 477.850493][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.054281][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.343809][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.987088][ C1] vkms_vblank_simulate: vblank timer overrun [ 479.010135][ T7729] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 479.257225][ C1] vkms_vblank_simulate: vblank timer overrun [ 479.658483][ C1] vkms_vblank_simulate: vblank timer overrun [ 479.781302][ T7735] netlink: 20 bytes leftover after parsing attributes in process `syz.0.366'. [ 480.341713][ C1] vkms_vblank_simulate: vblank timer overrun [ 480.505872][ C1] vkms_vblank_simulate: vblank timer overrun [ 480.730964][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.307370][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.367383][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.438437][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 481.588884][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 481.996937][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.163415][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.524804][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.581052][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.672384][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.730174][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.859652][ T7750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.369'. [ 483.859781][ T7750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.369'. [ 483.882899][ C1] vkms_vblank_simulate: vblank timer overrun [ 484.552598][ C1] vkms_vblank_simulate: vblank timer overrun [ 484.690043][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.050039][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.178232][ T7754] binder: BINDER_SET_CONTEXT_MGR already set [ 485.178249][ T7754] binder: 7751:7754 ioctl 4018620d 200000004a80 returned -16 [ 485.603401][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.746963][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.813663][ T38] kauditd_printk_skb: 13 callbacks suppressed [ 485.813680][ T38] audit: type=1326 audit(1757024652.450:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.813949][ T38] audit: type=1326 audit(1757024652.450:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.814180][ T38] audit: type=1326 audit(1757024652.450:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.814403][ T38] audit: type=1326 audit(1757024652.450:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.815131][ T38] audit: type=1326 audit(1757024652.450:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.815465][ T38] audit: type=1326 audit(1757024652.450:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.815506][ T38] audit: type=1326 audit(1757024652.450:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.816126][ T38] audit: type=1326 audit(1757024652.450:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.816170][ T38] audit: type=1326 audit(1757024652.450:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 485.816211][ T38] audit: type=1326 audit(1757024652.450:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.0.371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x7ffc0000 [ 486.130977][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.199200][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.280031][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.324828][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.873275][ C1] vkms_vblank_simulate: vblank timer overrun [ 487.514750][ C1] vkms_vblank_simulate: vblank timer overrun [ 488.126983][ C1] vkms_vblank_simulate: vblank timer overrun [ 488.360907][ C1] vkms_vblank_simulate: vblank timer overrun [ 488.716856][ T7767] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 489.984062][ T7772] netlink: 20 bytes leftover after parsing attributes in process `syz.0.374'. [ 496.230074][ T7521] chnl_net:caif_netlink_parms(): no params data found [ 496.842367][ T7817] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 496.966636][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 496.984120][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 496.985483][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 497.015815][ C0] vkms_vblank_simulate: vblank timer overrun [ 497.038499][ T5855] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 497.054702][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 497.265663][ C0] vkms_vblank_simulate: vblank timer overrun [ 499.286992][ T7521] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 499.315720][ T7565] chnl_net:caif_netlink_parms(): no params data found [ 499.439748][ T5855] Bluetooth: hci3: command tx timeout [ 501.446848][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 501.462247][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 501.463402][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 501.464874][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 501.465607][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 501.514093][ T59] Bluetooth: hci3: command tx timeout [ 501.792956][ T7862] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 502.025156][ T7565] bridge0: port 1(bridge_slave_0) entered blocking state [ 502.025406][ T7565] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.025623][ T7565] bridge_slave_0: entered allmulticast mode [ 502.035516][ T7565] bridge_slave_0: entered promiscuous mode [ 502.065831][ T7565] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.065958][ T7565] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.066140][ T7565] bridge_slave_1: entered allmulticast mode [ 502.075748][ T7565] bridge_slave_1: entered promiscuous mode [ 502.347627][ T7866] binder: BINDER_SET_CONTEXT_MGR already set [ 502.347642][ T7866] binder: 7858:7866 ioctl 4018620d 200000004a80 returned -16 [ 502.568606][ C1] vkms_vblank_simulate: vblank timer overrun [ 502.872566][ C1] vkms_vblank_simulate: vblank timer overrun [ 503.338762][ T7565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.367910][ T7874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.386'. [ 503.367928][ T7874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.386'. [ 503.419618][ T7565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.604217][ T5855] Bluetooth: hci4: command tx timeout [ 503.606746][ T5855] Bluetooth: hci3: command tx timeout [ 504.353596][ C1] vkms_vblank_simulate: vblank timer overrun [ 504.997331][ T7565] team0: Port device team_slave_0 added [ 505.203154][ C1] vkms_vblank_simulate: vblank timer overrun [ 505.421420][ T7565] team0: Port device team_slave_1 added [ 505.668085][ T59] Bluetooth: hci3: command tx timeout [ 505.670677][ T59] Bluetooth: hci4: command tx timeout [ 505.736738][ T7891] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 507.747735][ T5855] Bluetooth: hci4: command tx timeout [ 508.099341][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 508.099418][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.207091][ T5932] Process accounting resumed [ 508.389411][ T7897] Process accounting resumed [ 508.612676][ T1109] bridge_slave_1: left allmulticast mode [ 508.614279][ T1109] bridge_slave_1: left promiscuous mode [ 508.614522][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.709147][ T1109] bridge_slave_0: left allmulticast mode [ 508.709177][ T1109] bridge_slave_0: left promiscuous mode [ 508.711940][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.792524][ T1109] bridge_slave_1: left allmulticast mode [ 508.792545][ T1109] bridge_slave_1: left promiscuous mode [ 508.792693][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.849426][ T1109] bridge_slave_0: left allmulticast mode [ 508.849459][ T1109] bridge_slave_0: left promiscuous mode [ 508.849747][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.832168][ T5855] Bluetooth: hci4: command tx timeout [ 510.223439][ T7906] netlink: 36 bytes leftover after parsing attributes in process `syz.4.393'. [ 510.373571][ T7905] 9pnet: Could not find request transport: fd0x0000000000000003 [ 510.383475][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 510.392482][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 510.398955][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 510.403309][ T1109] bond0 (unregistering): Released all slaves [ 510.408992][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 510.410246][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 511.897167][ T1109] bond0 (unregistering): Released all slaves [ 512.125944][ T1109] bond0 (unregistering): Released all slaves [ 512.187756][ T44] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 512.239560][ T7922] binder: BINDER_SET_CONTEXT_MGR already set [ 512.239574][ T7922] binder: 7911:7922 ioctl 4018620d 200000004a80 returned -16 [ 512.652911][ T5855] Bluetooth: hci2: command tx timeout [ 512.753320][ T44] usb 5-1: config 9 has an invalid interface number: 81 but max is 0 [ 512.753346][ T44] usb 5-1: config 9 has no interface number 0 [ 512.753391][ T44] usb 5-1: config 9 interface 81 has no altsetting 0 [ 512.756050][ T44] usb 5-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=f0.f4 [ 512.756075][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.756093][ T44] usb 5-1: Product: syz [ 512.756106][ T44] usb 5-1: Manufacturer: syz [ 512.756120][ T44] usb 5-1: SerialNumber: syz [ 512.850936][ T1109] bond0 (unregistering): Released all slaves [ 513.091097][ T44] usbserial_generic 5-1:9.81: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 513.091119][ T44] usbserial_generic 5-1:9.81: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 513.091164][ T44] usbserial_generic 5-1:9.81: generic converter detected [ 513.179276][ T44] usb 5-1: generic converter now attached to ttyUSB0 [ 513.231390][ T44] usb 5-1: USB disconnect, device number 2 [ 513.270067][ T44] generic ttyUSB0: generic converter now disconnected from ttyUSB0 [ 513.274172][ T44] usbserial_generic 5-1:9.81: device disconnected [ 513.294664][ T1109] bond0 (unregistering): Released all slaves [ 513.452693][ T7928] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.727301][ T5855] Bluetooth: hci2: command tx timeout [ 515.356544][ T7940] (syz.0.400,7940,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 515.356600][ T7940] (syz.0.400,7940,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 516.337978][ T7818] chnl_net:caif_netlink_parms(): no params data found [ 516.820568][ T5855] Bluetooth: hci2: command tx timeout [ 517.388883][ T7960] CIFS mount error: No usable UNC path provided in device string! [ 517.388883][ T7960] [ 517.388983][ T7960] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 518.947796][ T5855] Bluetooth: hci2: command tx timeout [ 519.327889][ T5982] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 519.487136][ T7818] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.487282][ T7818] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.487421][ T7818] bridge_slave_0: entered allmulticast mode [ 519.491130][ T7818] bridge_slave_0: entered promiscuous mode [ 519.505029][ T7852] chnl_net:caif_netlink_parms(): no params data found [ 519.515532][ T7818] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.515691][ T7818] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.515907][ T7818] bridge_slave_1: entered allmulticast mode [ 519.531883][ T7818] bridge_slave_1: entered promiscuous mode [ 519.597826][ T5982] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e [ 519.597857][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.597878][ T5982] usb 5-1: Product: syz [ 519.597892][ T5982] usb 5-1: Manufacturer: syz [ 519.597905][ T5982] usb 5-1: SerialNumber: syz [ 519.649965][ T5982] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state. [ 519.650026][ T5982] usb 5-1: setting power ON [ 519.650632][ T5982] dvb-usb: bulk message failed: -22 (2/0) [ 519.694398][ T5982] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 519.717506][ T5982] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19) [ 519.730935][ T5982] dvb_usb_cxusb 5-1:4.0: probe with driver dvb_usb_cxusb failed with error -22 [ 519.831646][ T6577] usb 5-1: USB disconnect, device number 3 [ 520.962564][ T7818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 521.029358][ T7977] binder: BINDER_SET_CONTEXT_MGR already set [ 521.029374][ T7977] binder: 7973:7977 ioctl 4018620d 200000004a80 returned -16 [ 521.651027][ T7818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 524.245965][ T7989] netlink: 44 bytes leftover after parsing attributes in process `syz.4.408'. [ 524.290760][ T7818] team0: Port device team_slave_0 added [ 524.441875][ T7818] team0: Port device team_slave_1 added [ 524.442710][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.442839][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.443014][ T7852] bridge_slave_0: entered allmulticast mode [ 524.451948][ T7852] bridge_slave_0: entered promiscuous mode [ 524.613049][ T7912] chnl_net:caif_netlink_parms(): no params data found [ 524.628931][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 524.629063][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state [ 524.629253][ T7852] bridge_slave_1: entered allmulticast mode [ 524.632204][ T7852] bridge_slave_1: entered promiscuous mode [ 524.890031][ T7818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 524.890062][ T7818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.890087][ T7818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 525.124287][ T7818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 525.124302][ T7818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 525.124327][ T7818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 525.357221][ T7852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 525.456924][ T7852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.421959][ T7852] team0: Port device team_slave_0 added [ 528.229200][ T7818] hsr_slave_0: entered promiscuous mode [ 528.241543][ T7818] hsr_slave_1: entered promiscuous mode [ 528.254966][ T7852] team0: Port device team_slave_1 added [ 529.022400][ T8033] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 529.045422][ T8034] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 529.080398][ T7912] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.080522][ T7912] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.080703][ T7912] bridge_slave_0: entered allmulticast mode [ 529.084403][ T7912] bridge_slave_0: entered promiscuous mode [ 529.274345][ T7912] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.274614][ T7912] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.274961][ T7912] bridge_slave_1: entered allmulticast mode [ 529.296650][ T7912] bridge_slave_1: entered promiscuous mode [ 529.401579][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 529.401595][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 529.401621][ T7852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 529.658681][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 529.658697][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 529.658722][ T7852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 529.737771][ T6577] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 530.334747][ T6577] usb 5-1: config 0 has an invalid interface number: 237 but max is 0 [ 530.334773][ T6577] usb 5-1: config 0 has no interface number 0 [ 530.334819][ T6577] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 530.334843][ T6577] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 530.334864][ T6577] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 530.334887][ T6577] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 530.344898][ T6577] usb 5-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6 [ 530.344927][ T6577] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.344947][ T6577] usb 5-1: Product: syz [ 530.344961][ T6577] usb 5-1: Manufacturer: syz [ 530.344975][ T6577] usb 5-1: SerialNumber: syz [ 530.371356][ T6577] usb 5-1: config 0 descriptor?? [ 530.535221][ T6577] xpad 5-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 530.613337][ T6577] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.237/input/input6 [ 530.717976][ T6577] usb 5-1: USB disconnect, device number 4 [ 530.723855][ T7912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.913705][ T7912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 531.179193][ T991] Process accounting resumed [ 532.907840][ T6577] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 533.057875][ T6577] usb 5-1: Using ep0 maxpacket: 8 [ 533.064192][ T6577] usb 5-1: unable to get BOS descriptor or descriptor too short [ 533.065737][ T6577] usb 5-1: config 6 has an invalid interface number: 39 but max is 0 [ 533.065759][ T6577] usb 5-1: config 6 has no interface number 0 [ 533.065792][ T6577] usb 5-1: config 6 interface 39 has no altsetting 0 [ 533.110392][ T6577] usb 5-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=e7.d7 [ 533.110419][ T6577] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.110438][ T6577] usb 5-1: Product: syz [ 533.110451][ T6577] usb 5-1: Manufacturer: syz [ 533.110464][ T6577] usb 5-1: SerialNumber: syz [ 533.472304][ T6577] usbserial_generic 5-1:6.39: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 533.472325][ T6577] usbserial_generic 5-1:6.39: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 533.472364][ T6577] usbserial_generic 5-1:6.39: device has no bulk endpoints [ 533.473314][ T6577] safe_serial 5-1:6.39: safe_serial converter detected [ 533.473499][ T6577] safe_serial 5-1:6.39: probe with driver safe_serial failed with error -22 [ 533.559183][ T8063] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 533.999747][ T6577] usb 5-1: USB disconnect, device number 5 [ 534.030035][ T7912] team0: Port device team_slave_0 added [ 534.131614][ T7852] hsr_slave_0: entered promiscuous mode [ 534.153183][ T7852] hsr_slave_1: entered promiscuous mode [ 534.154251][ T7852] debugfs: 'hsr0' already exists in 'hsr' [ 534.154274][ T7852] Cannot create hsr debugfs directory [ 534.211532][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.278656][ T7912] team0: Port device team_slave_1 added [ 534.617898][ T6577] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 534.772819][ T6577] usb 5-1: unable to get BOS descriptor or descriptor too short [ 534.775786][ T6577] usb 5-1: config 4 has an invalid interface number: 92 but max is 0 [ 534.775809][ T6577] usb 5-1: config 4 has no interface number 0 [ 534.775842][ T6577] usb 5-1: config 4 interface 92 has no altsetting 0 [ 534.811433][ T6577] usb 5-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 534.811459][ T6577] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.811476][ T6577] usb 5-1: Product: syz [ 534.811489][ T6577] usb 5-1: Manufacturer: syz [ 534.811500][ T6577] usb 5-1: SerialNumber: syz [ 534.881873][ T7912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 534.881889][ T7912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 534.881970][ T7912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 535.006654][ T7912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 535.006670][ T7912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 535.006694][ T7912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 535.079351][ T6577] radioshark 5-1:4.92: Invalid radioSHARK device [ 535.079383][ T6577] radioshark 5-1:4.92: probe with driver radioshark failed with error -22 [ 535.079861][ T6577] usbhid 5-1:4.92: couldn't find an input interrupt endpoint [ 535.111374][ T6577] usb 5-1: USB disconnect, device number 6 [ 535.684162][ T7912] hsr_slave_0: entered promiscuous mode [ 535.685351][ T7912] hsr_slave_1: entered promiscuous mode [ 535.686169][ T7912] debugfs: 'hsr0' already exists in 'hsr' [ 535.686189][ T7912] Cannot create hsr debugfs directory [ 536.844248][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.677153][ T8096] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 538.755242][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.822573][ T5925] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 547.146542][ T7818] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 547.160118][ T5925] usb 5-1: config 0 has an invalid interface number: 235 but max is 0 [ 547.160135][ T5925] usb 5-1: config 0 has no interface number 0 [ 547.160164][ T5925] usb 5-1: config 0 interface 235 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024 [ 547.162408][ T5925] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6 [ 547.162425][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.162437][ T5925] usb 5-1: Product: syz [ 547.162446][ T5925] usb 5-1: Manufacturer: syz [ 547.162454][ T5925] usb 5-1: SerialNumber: syz [ 547.189025][ T5925] usb 5-1: config 0 descriptor?? [ 547.194081][ T8111] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 547.314180][ T7818] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 547.460141][ T44] usb 5-1: USB disconnect, device number 7 [ 549.131749][ T1109] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.269363][ T8130] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 550.613492][ C0] vkms_vblank_simulate: vblank timer overrun [ 550.709875][ C0] vkms_vblank_simulate: vblank timer overrun [ 550.823728][ T7818] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 551.095656][ T7818] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 551.414940][ T1109] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.791881][ T8159] netlink: 20 bytes leftover after parsing attributes in process `syz.4.438'. [ 552.117088][ T1109] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.357014][ T8159] netlink: 8 bytes leftover after parsing attributes in process `syz.4.438'. [ 553.047104][ T1109] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.518457][ T8170] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 554.047247][ T7852] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 554.145276][ T7852] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 554.247540][ T7852] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 554.359510][ T38] kauditd_printk_skb: 12 callbacks suppressed [ 554.359529][ T38] audit: type=1326 audit(1757024721.000:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8173 comm="syz.0.442" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd7d9ccebe9 code=0x0 [ 554.562359][ T7852] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 556.179109][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 556.208098][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 556.233822][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 556.251432][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 556.252102][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 556.711301][ T7912] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 556.882922][ T7912] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 557.245052][ T8214] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 558.294006][ T7912] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 558.436468][ T5855] Bluetooth: hci5: command tx timeout [ 558.673845][ T1109] bridge_slave_1: left allmulticast mode [ 558.673877][ T1109] bridge_slave_1: left promiscuous mode [ 558.674137][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 558.836961][ T1109] bridge_slave_0: left allmulticast mode [ 558.836991][ T1109] bridge_slave_0: left promiscuous mode [ 558.837236][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.202688][ T1109] bridge_slave_1: left allmulticast mode [ 559.202718][ T1109] bridge_slave_1: left promiscuous mode [ 559.202941][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.335852][ T8230] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 559.415825][ T8230] cramfs: wrong magic [ 559.883271][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.114658][ C1] vkms_vblank_simulate: vblank timer overrun [ 560.125906][ T1109] bridge_slave_0: left allmulticast mode [ 560.125935][ T1109] bridge_slave_0: left promiscuous mode [ 560.126207][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.467862][ T5855] Bluetooth: hci5: command tx timeout [ 561.095901][ C1] vkms_vblank_simulate: vblank timer overrun [ 561.212367][ T8239] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 561.273288][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 561.292319][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 561.293591][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 561.295198][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 561.296514][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 561.542564][ C1] vkms_vblank_simulate: vblank timer overrun [ 561.781095][ C1] vkms_vblank_simulate: vblank timer overrun [ 562.169146][ T44] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 562.320151][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 562.320185][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 562.320209][ T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 562.320231][ T44] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 562.324018][ T44] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 562.324044][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 562.324063][ T44] usb 5-1: SerialNumber: syz [ 562.414303][ T8245] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 562.414435][ T8245] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 562.437386][ T44] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 562.547794][ T59] Bluetooth: hci5: command tx timeout [ 562.659279][ T44] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 562.673896][ T44] usb 5-1: USB disconnect, device number 8 [ 562.991104][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.049597][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.073282][ T1109] bond0 (unregistering): Released all slaves [ 563.314420][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.347713][ T59] Bluetooth: hci3: command tx timeout [ 563.409165][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.490972][ T1109] bond0 (unregistering): Released all slaves [ 563.538357][ T7912] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 563.613912][ T8247] netlink: 168 bytes leftover after parsing attributes in process `syz.4.460'. [ 563.613936][ T8247] netlink: 31 bytes leftover after parsing attributes in process `syz.4.460'. [ 563.614785][ T8247] netlink: 31 bytes leftover after parsing attributes in process `syz.4.460'. [ 564.187772][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 564.567681][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 564.583735][ T10] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 564.583759][ T10] usb 5-1: config 0 has no interface number 0 [ 564.583802][ T10] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 564.583823][ T10] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 564.583843][ T10] usb 5-1: config 0 interface 41 has no altsetting 0 [ 564.590978][ T10] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 564.591018][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.591038][ T10] usb 5-1: Product: syz [ 564.591051][ T10] usb 5-1: Manufacturer: syz [ 564.591065][ T10] usb 5-1: SerialNumber: syz [ 564.601734][ T10] usb 5-1: config 0 descriptor?? [ 564.602910][ T8257] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 564.603110][ T8257] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 564.629454][ T59] Bluetooth: hci5: command tx timeout [ 564.876906][ T10] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71 [ 564.926669][ T10] usb 5-1: USB disconnect, device number 9 [ 565.366618][ C1] vkms_vblank_simulate: vblank timer overrun [ 565.663725][ C1] vkms_vblank_simulate: vblank timer overrun [ 565.664192][ T59] Bluetooth: hci3: command tx timeout [ 565.867143][ C1] vkms_vblank_simulate: vblank timer overrun [ 566.002461][ T8284] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 566.403011][ C1] vkms_vblank_simulate: vblank timer overrun [ 566.552776][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.058454][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.482340][ T8298] netlink: 4280 bytes leftover after parsing attributes in process `syz.4.470'. [ 567.482467][ T8298] netlink: 4280 bytes leftover after parsing attributes in process `syz.4.470'. [ 567.659741][ C1] vkms_vblank_simulate: vblank timer overrun [ 567.667981][ T59] Bluetooth: hci3: command tx timeout [ 567.775407][ T8305] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 568.521658][ C1] vkms_vblank_simulate: vblank timer overrun [ 568.528492][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.528571][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.187972][ T8314] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 569.747881][ T59] Bluetooth: hci3: command tx timeout [ 570.067810][ T1109] hsr_slave_0: left promiscuous mode [ 570.119307][ T1109] hsr_slave_1: left promiscuous mode [ 570.120154][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 570.120186][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 570.176033][ T1109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 570.176062][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 570.283093][ T1109] veth1_macvtap: left promiscuous mode [ 570.283168][ T1109] veth0_macvtap: left promiscuous mode [ 570.283375][ T1109] veth1_vlan: left promiscuous mode [ 570.283495][ T1109] veth0_vlan: left promiscuous mode [ 570.948316][ C1] vkms_vblank_simulate: vblank timer overrun [ 571.039588][ C1] vkms_vblank_simulate: vblank timer overrun [ 571.160347][ T8327] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 571.898996][ C1] vkms_vblank_simulate: vblank timer overrun [ 572.279171][ C1] vkms_vblank_simulate: vblank timer overrun [ 572.323251][ T8333] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 572.531130][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 572.535787][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 572.536965][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 572.542645][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 572.554006][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 572.997990][ T8343] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 573.769978][ C1] vkms_vblank_simulate: vblank timer overrun [ 573.897281][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.627769][ T59] Bluetooth: hci2: command tx timeout [ 575.548619][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 575.758994][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 576.707782][ T59] Bluetooth: hci2: command tx timeout [ 578.199207][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 578.340417][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 578.790862][ T59] Bluetooth: hci2: command tx timeout [ 579.695903][ T8363] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 580.011483][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.060423][ T8184] chnl_net:caif_netlink_parms(): no params data found [ 580.174179][ T8373] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 580.175775][ C0] vkms_vblank_simulate: vblank timer overrun [ 581.018568][ T59] Bluetooth: hci2: command tx timeout [ 581.112411][ C0] vkms_vblank_simulate: vblank timer overrun [ 581.250290][ C0] vkms_vblank_simulate: vblank timer overrun [ 581.480980][ T8240] chnl_net:caif_netlink_parms(): no params data found [ 581.685835][ T8387] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 582.292562][ T8375] comedi comedi3: reset error (fatal) [ 583.020628][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.277001][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.443315][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.895066][ T8184] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.895204][ T8184] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.895409][ T8184] bridge_slave_0: entered allmulticast mode [ 583.926744][ T8184] bridge_slave_0: entered promiscuous mode [ 583.996441][ T8184] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.996573][ T8184] bridge0: port 2(bridge_slave_1) entered disabled state [ 583.996749][ T8184] bridge_slave_1: entered allmulticast mode [ 584.036013][ T8184] bridge_slave_1: entered promiscuous mode [ 584.444850][ C0] vkms_vblank_simulate: vblank timer overrun [ 584.611636][ T8421] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 585.653479][ T8184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 585.815805][ T8184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.967989][ T8240] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.968132][ T8240] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.968384][ T8240] bridge_slave_0: entered allmulticast mode [ 585.970940][ T8240] bridge_slave_0: entered promiscuous mode [ 586.252641][ T8240] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.252771][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.252982][ T8240] bridge_slave_1: entered allmulticast mode [ 586.263934][ T8240] bridge_slave_1: entered promiscuous mode [ 586.371180][ T8184] team0: Port device team_slave_0 added [ 586.573876][ T8184] team0: Port device team_slave_1 added [ 586.787052][ T8240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.954357][ T8240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 586.956577][ T8184] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.956589][ T8184] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 586.956612][ T8184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.960748][ T8336] chnl_net:caif_netlink_parms(): no params data found [ 587.099963][ T8184] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 587.099978][ T8184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 587.100003][ T8184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 587.309078][ T8240] team0: Port device team_slave_0 added [ 587.440438][ T8240] team0: Port device team_slave_1 added [ 588.052203][ T8184] hsr_slave_0: entered promiscuous mode [ 588.053448][ T8184] hsr_slave_1: entered promiscuous mode [ 588.054300][ T8184] debugfs: 'hsr0' already exists in 'hsr' [ 588.054323][ T8184] Cannot create hsr debugfs directory [ 588.055555][ T8240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 588.055567][ T8240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.055591][ T8240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 588.144080][ T8240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 588.144092][ T8240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 588.144109][ T8240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.318710][ T8336] bridge0: port 1(bridge_slave_0) entered blocking state [ 588.318915][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.319156][ T8336] bridge_slave_0: entered allmulticast mode [ 588.321822][ T8336] bridge_slave_0: entered promiscuous mode [ 588.725985][ C0] vkms_vblank_simulate: vblank timer overrun [ 588.798529][ T8336] bridge0: port 2(bridge_slave_1) entered blocking state [ 588.798693][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state [ 588.798959][ T8336] bridge_slave_1: entered allmulticast mode [ 588.809834][ T8336] bridge_slave_1: entered promiscuous mode [ 589.175161][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.400331][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.508959][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.011081][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.196853][ T8492] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 590.639159][ T8496] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 592.009920][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.286953][ T8506] netlink: 16 bytes leftover after parsing attributes in process `syz.0.508'. [ 592.321996][ T8336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 592.374721][ T8240] hsr_slave_0: entered promiscuous mode [ 592.376518][ T8240] hsr_slave_1: entered promiscuous mode [ 592.377403][ T8240] debugfs: 'hsr0' already exists in 'hsr' [ 592.377425][ T8240] Cannot create hsr debugfs directory [ 592.421601][ T8336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 592.724450][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.601403][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.686812][ T8514] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 594.378427][ T8521] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 594.452691][ T8336] team0: Port device team_slave_0 added [ 595.246788][ C1] vkms_vblank_simulate: vblank timer overrun [ 595.264593][ T8336] team0: Port device team_slave_1 added [ 595.952316][ C1] vkms_vblank_simulate: vblank timer overrun [ 596.208982][ C1] vkms_vblank_simulate: vblank timer overrun [ 596.582449][ C1] vkms_vblank_simulate: vblank timer overrun [ 597.289979][ C1] vkms_vblank_simulate: vblank timer overrun [ 597.548352][ T5982] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 597.727678][ T5982] usb 5-1: Using ep0 maxpacket: 32 [ 597.730379][ T5982] usb 5-1: unable to get BOS descriptor or descriptor too short [ 597.731803][ T5982] usb 5-1: config 1 has an invalid interface number: 24 but max is 0 [ 597.731826][ T5982] usb 5-1: config 1 has no interface number 0 [ 597.731874][ T5982] usb 5-1: config 1 interface 24 altsetting 5 bulk endpoint 0x6 has invalid maxpacket 608 [ 597.731897][ T5982] usb 5-1: config 1 interface 24 has no altsetting 0 [ 597.734839][ T5982] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=24.72 [ 597.734863][ T5982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.734882][ T5982] usb 5-1: Product: syz [ 597.734895][ T5982] usb 5-1: Manufacturer: syz [ 597.734908][ T5982] usb 5-1: SerialNumber: syz [ 597.750454][ T8533] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 597.865372][ C1] vkms_vblank_simulate: vblank timer overrun [ 598.005006][ C1] vkms_vblank_simulate: vblank timer overrun [ 598.042035][ T5982] ims_pcu 5-1:1.24: Zero length descriptor [ 598.042095][ T5982] ims_pcu 5-1:1.24: probe with driver ims_pcu failed with error -22 [ 598.101049][ T5982] usb 5-1: USB disconnect, device number 10 [ 598.518971][ T8336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 598.518988][ T8336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.519013][ T8336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 598.536286][ T8336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.536301][ T8336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.536327][ T8336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 599.394180][ T8336] hsr_slave_0: entered promiscuous mode [ 599.395493][ T8336] hsr_slave_1: entered promiscuous mode [ 599.408014][ T8336] debugfs: 'hsr0' already exists in 'hsr' [ 599.408040][ T8336] Cannot create hsr debugfs directory [ 601.933537][ T1109] bridge_slave_1: left allmulticast mode [ 601.933568][ T1109] bridge_slave_1: left promiscuous mode [ 601.933794][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 601.999629][ T1109] bridge_slave_0: left allmulticast mode [ 601.999669][ T1109] bridge_slave_0: left promiscuous mode [ 602.001511][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.070924][ T1109] bridge_slave_1: left allmulticast mode [ 602.070955][ T1109] bridge_slave_1: left promiscuous mode [ 602.071181][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.129267][ T1109] bridge_slave_0: left allmulticast mode [ 602.129299][ T1109] bridge_slave_0: left promiscuous mode [ 602.129584][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.223289][ T1109] bridge_slave_1: left allmulticast mode [ 602.223312][ T1109] bridge_slave_1: left promiscuous mode [ 602.223466][ T1109] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.299500][ T1109] bridge_slave_0: left allmulticast mode [ 602.299532][ T1109] bridge_slave_0: left promiscuous mode [ 602.299776][ T1109] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.839763][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 602.919606][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 603.013032][ T1109] bond0 (unregistering): Released all slaves [ 603.328230][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 603.408683][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 603.472574][ T1109] bond0 (unregistering): Released all slaves [ 603.768627][ T1109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 603.878731][ T1109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 603.943092][ T1109] bond0 (unregistering): Released all slaves [ 604.722153][ T1109] hsr_slave_0: left promiscuous mode [ 604.788075][ T1109] hsr_slave_1: left promiscuous mode [ 604.789098][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 604.831235][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 605.029529][ T1109] hsr_slave_0: left promiscuous mode [ 605.067975][ T1109] hsr_slave_1: left promiscuous mode [ 605.068898][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 605.091003][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 605.247955][ T1109] hsr_slave_0: left promiscuous mode [ 605.267927][ T1109] hsr_slave_1: left promiscuous mode [ 605.268929][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 605.328698][ T1109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 606.119776][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 606.271941][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 607.458924][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 607.608526][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 608.828762][ T1109] team0 (unregistering): Port device team_slave_1 removed [ 608.970255][ T1109] team0 (unregistering): Port device team_slave_0 removed [ 610.055451][ T8184] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 610.107119][ T8184] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 610.312602][ T8184] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 610.373033][ T8184] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 610.934749][ T8184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 610.963526][ T8184] 8021q: adding VLAN 0 to HW filter on device team0 [ 610.980652][ T1184] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.981476][ T1184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 610.996382][ T1184] bridge0: port 2(bridge_slave_1) entered blocking state [ 610.996599][ T1184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 611.663942][ T8240] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 611.693266][ T8240] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 611.780346][ T8240] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 611.932485][ T8240] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 612.130811][ T8336] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 612.193933][ T8184] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 612.195729][ T8336] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 612.264259][ T8336] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 612.323029][ T8336] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 612.737434][ T8240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 612.854703][ T8240] 8021q: adding VLAN 0 to HW filter on device team0 [ 612.887331][ T6043] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.887502][ T6043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 612.943264][ T6043] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.943403][ T6043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 612.945917][ T8184] veth0_vlan: entered promiscuous mode [ 613.025088][ T8336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 613.086259][ T8184] veth1_vlan: entered promiscuous mode [ 613.144290][ T8336] 8021q: adding VLAN 0 to HW filter on device team0 [ 613.195480][ T1184] bridge0: port 1(bridge_slave_0) entered blocking state [ 613.195632][ T1184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 613.240590][ T1184] bridge0: port 2(bridge_slave_1) entered blocking state [ 613.240751][ T1184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 613.306416][ T8184] veth0_macvtap: entered promiscuous mode [ 613.333601][ T8184] veth1_macvtap: entered promiscuous mode [ 613.490419][ T8184] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 613.541689][ T8184] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 613.610919][ T6046] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.630175][ T6046] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.658739][ T6046] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.663953][ T6046] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 614.115662][ T8240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.301098][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.301119][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.326685][ T8336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 614.511647][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.511667][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 615.126690][ T8240] veth0_vlan: entered promiscuous mode [ 615.208100][ T8240] veth1_vlan: entered promiscuous mode [ 615.428173][ T8336] veth0_vlan: entered promiscuous mode [ 615.459779][ T8240] veth0_macvtap: entered promiscuous mode [ 615.493623][ T8336] veth1_vlan: entered promiscuous mode [ 615.527160][ T8240] veth1_macvtap: entered promiscuous mode [ 615.529138][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 615.534728][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 615.547453][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 615.549980][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 615.550855][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 615.700056][ T8240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 615.752495][ T8336] veth0_macvtap: entered promiscuous mode [ 615.757454][ T8240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 615.798566][ T8336] veth1_macvtap: entered promiscuous mode [ 615.821546][ T6043] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.823828][ T6043] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.847979][ T6043] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 615.883195][ T1109] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 616.226305][ T8336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 616.575665][ T8336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 616.736134][ T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.922695][ T1109] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.086538][ T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.136203][ T1109] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.154137][ T1109] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.187469][ T1109] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 617.248512][ T1184] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.248536][ T1184] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 617.469748][ T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.588513][ T5855] Bluetooth: hci4: command tx timeout [ 617.786253][ T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 617.834496][ T8678] chnl_net:caif_netlink_parms(): no params data found [ 617.901351][ T8100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 617.901369][ T8100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 618.462040][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 618.462061][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.668646][ T5855] Bluetooth: hci4: command tx timeout [ 621.035865][ T8715] binder: BINDER_SET_CONTEXT_MGR already set [ 621.036015][ T8715] binder: 8709:8715 ioctl 4018620d 200000004a80 returned -16 [ 622.657159][ T5855] Bluetooth: hci4: command tx timeout [ 622.798386][ T8678] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.798618][ T8678] bridge0: port 1(bridge_slave_0) entered disabled state [ 622.798866][ T8678] bridge_slave_0: entered allmulticast mode [ 622.837861][ T8678] bridge_slave_0: entered promiscuous mode [ 622.925410][ T8678] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.927056][ T8678] bridge0: port 2(bridge_slave_1) entered disabled state [ 622.927240][ T8678] bridge_slave_1: entered allmulticast mode [ 622.953065][ T8678] bridge_slave_1: entered promiscuous mode [ 624.259656][ T3628] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.259676][ T3628] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.332235][ T8678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 624.370019][ T8678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 624.746583][ T6577] kernel write not supported for file /20/attr/sockcreate (pid: 6577 comm: kworker/1:9) [ 624.785572][ T59] Bluetooth: hci4: command tx timeout [ 625.314615][ T8747] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 626.148602][ T12] bridge_slave_1: left allmulticast mode [ 626.148637][ T12] bridge_slave_1: left promiscuous mode [ 626.148900][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.312512][ T12] bridge_slave_0: left allmulticast mode [ 626.312542][ T12] bridge_slave_0: left promiscuous mode [ 626.312768][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.575904][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.699557][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.851666][ T8758] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 626.927830][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.242609][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.547617][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.801971][ C1] vkms_vblank_simulate: vblank timer overrun [ 628.070099][ C1] vkms_vblank_simulate: vblank timer overrun [ 628.848783][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.402833][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.442720][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.442808][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.533831][ T8781] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 630.015537][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.942635][ C1] vkms_vblank_simulate: vblank timer overrun [ 631.052067][ C1] vkms_vblank_simulate: vblank timer overrun [ 632.186884][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 632.276131][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 632.321881][ T5855] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 632.324827][ T5855] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 632.332788][ T5855] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 632.347522][ T12] bond0 (unregistering): Released all slaves [ 632.351030][ T5855] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 632.351797][ T5855] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 632.618681][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.137256][ C1] vkms_vblank_simulate: vblank timer overrun [ 633.207309][ T8805] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 633.405614][ T8678] team0: Port device team_slave_0 added [ 633.449570][ T8678] team0: Port device team_slave_1 added [ 633.791691][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.091287][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.072377][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.156000][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.173686][ T59] Bluetooth: hci5: command tx timeout [ 635.308382][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.734720][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.224986][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.828170][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.188432][ T59] Bluetooth: hci5: command tx timeout [ 637.373086][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.419232][ T8841] binder: BINDER_SET_CONTEXT_MGR already set [ 638.419246][ T8841] binder: 8832:8841 ioctl 4018620d 200000004a80 returned -16 [ 638.642111][ T8678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.642127][ T8678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.642154][ T8678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.713553][ T8678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.713568][ T8678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.713594][ T8678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 639.268936][ T59] Bluetooth: hci5: command tx timeout [ 639.381645][ T8849] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 640.173194][ C1] vkms_vblank_simulate: vblank timer overrun [ 640.304964][ C1] vkms_vblank_simulate: vblank timer overrun [ 640.638050][ T12] hsr_slave_0: left promiscuous mode [ 640.678749][ T12] hsr_slave_1: left promiscuous mode [ 640.679556][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 640.679582][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 640.753269][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 640.753297][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 640.967319][ T12] veth1_macvtap: left promiscuous mode [ 640.967440][ T12] veth0_macvtap: left promiscuous mode [ 640.977172][ T12] veth1_vlan: left promiscuous mode [ 640.977384][ T12] veth0_vlan: left promiscuous mode [ 641.353583][ T59] Bluetooth: hci5: command tx timeout [ 643.980375][ C1] vkms_vblank_simulate: vblank timer overrun [ 645.228295][ T8884] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 646.881118][ T8893] sg_write: data in/out 512/1 bytes for SCSI command 0xb7-- guessing data in; [ 646.881118][ T8893] program syz.5.597 not setting count and/or reply_len properly [ 650.267873][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.220900][ T8911] netlink: 20 bytes leftover after parsing attributes in process `syz.4.596'. [ 651.588574][ T12] team0 (unregistering): Port device team_slave_1 removed [ 651.839541][ T12] team0 (unregistering): Port device team_slave_0 removed [ 654.103253][ T8678] hsr_slave_0: entered promiscuous mode [ 654.106999][ T8678] hsr_slave_1: entered promiscuous mode [ 654.621012][ T8920] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 655.488792][ T31] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 655.565133][ T8929] tipc: Started in network mode [ 655.565161][ T8929] tipc: Node identity aaaaaaaaaa2b, cluster identity 4711 [ 655.594592][ T8929] tipc: Enabled bearer , priority 10 [ 655.668265][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 655.690936][ T31] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.690970][ T31] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 655.690998][ T31] usb 5-1: config 0 interface 0 has no altsetting 0 [ 655.691029][ T31] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 655.691052][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.841501][ T31] usb 5-1: config 0 descriptor?? [ 655.891642][ T8935] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 656.269505][ T31] hid (null): unknown global tag 0xc [ 656.269526][ T31] hid (null): global environment stack underflow [ 656.319822][ T31] corsair-cpro 0003:1B1C:0C10.0001: unknown global tag 0xc [ 656.319851][ T31] corsair-cpro 0003:1B1C:0C10.0001: item 0 1 1 12 parsing failed [ 656.324373][ T31] corsair-cpro 0003:1B1C:0C10.0001: probe with driver corsair-cpro failed with error -22 [ 656.483056][ T31] usb 5-1: USB disconnect, device number 11 [ 656.719850][ T5932] tipc: Node number set to 8497834 [ 656.757414][ T8799] chnl_net:caif_netlink_parms(): no params data found [ 657.761932][ T8967] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 658.793772][ T12] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.423327][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.844195][ C1] vkms_vblank_simulate: vblank timer overrun [ 660.776712][ T12] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.004409][ T9010] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay' [ 661.164032][ T8799] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.164229][ T8799] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.164461][ T8799] bridge_slave_0: entered allmulticast mode [ 661.197686][ T8799] bridge_slave_0: entered promiscuous mode [ 661.233913][ T8799] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.234071][ T8799] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.234288][ T8799] bridge_slave_1: entered allmulticast mode [ 661.237444][ T8799] bridge_slave_1: entered promiscuous mode [ 661.534199][ T12] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.035725][ T12] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.100384][ T9018] netlink: 'syz.0.627': attribute type 2 has an invalid length. [ 662.104674][ T8799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 662.143730][ T8799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 662.566334][ T8799] team0: Port device team_slave_0 added [ 662.689670][ T8799] team0: Port device team_slave_1 added [ 664.191796][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.191813][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.191840][ T8799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.254099][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.254115][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.254140][ T8799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.491148][ T8753] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 664.707750][ T8753] usb 6-1: Using ep0 maxpacket: 8 [ 664.738042][ T8753] usb 6-1: New USB device found, idVendor=0fe9, idProduct=db98, bcdDevice=30.0c [ 664.738074][ T8753] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.738095][ T8753] usb 6-1: Product: syz [ 664.738110][ T8753] usb 6-1: Manufacturer: syz [ 664.738125][ T8753] usb 6-1: SerialNumber: syz [ 664.825783][ T8753] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2)' in warm state. [ 664.825846][ T8753] dvb-usb: bulk message failed: -22 (2/0) [ 664.870317][ T8753] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 664.899693][ T8753] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2)) [ 664.899795][ T8753] usb 6-1: media controller created [ 665.110941][ T9045] dvb-usb: bulk message failed: -22 (3/0) [ 665.265316][ T8753] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 665.378361][ T8753] usb 6-1: selecting invalid altsetting 1 [ 665.378385][ T8753] cxusb: set interface failed [ 665.378400][ T8753] dvb-usb: bulk message failed: -22 (1/0) [ 665.378420][ T8753] dvb-usb: bulk message failed: -22 (3/0) [ 665.378438][ T8753] usb 6-1: bluebird_gpio_write failed. [ 665.399980][ T8753] dvb-usb: bulk message failed: -22 (3/0) [ 665.400006][ T8753] usb 6-1: bluebird_gpio_write failed. [ 665.483434][ T8753] DVB: Unable to find symbol dib7000p_attach() [ 665.483460][ T8753] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2)' [ 665.661252][ T8753] rc_core: IR keymap rc-dvico-mce not found [ 665.661273][ T8753] Registered IR keymap rc-empty [ 665.666547][ T8753] rc rc0: DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 665.679719][ T8753] input: DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2) as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input8 [ 665.684184][ T8753] dvb-usb: schedule remote query interval to 100 msecs. [ 665.684207][ T8753] dvb-usb: DViCO FusionHDTV DVB-T Dual Digital 4 (rev 2) successfully initialized and connected. [ 665.712087][ T8753] usb 6-1: USB disconnect, device number 2 [ 665.742603][ T8678] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 665.864424][ T8799] hsr_slave_0: entered promiscuous mode [ 665.883049][ T8799] hsr_slave_1: entered promiscuous mode [ 665.887394][ T8799] debugfs: 'hsr0' already exists in 'hsr' [ 665.887417][ T8799] Cannot create hsr debugfs directory [ 665.890331][ T12] bridge_slave_1: left allmulticast mode [ 665.890358][ T12] bridge_slave_1: left promiscuous mode [ 665.891015][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.978154][ T9061] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 666.046856][ T12] bridge_slave_0: left allmulticast mode [ 666.046886][ T12] bridge_slave_0: left promiscuous mode [ 666.047218][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 666.089240][ T8753] dvb-usb: DViCO FusionHDTV DVB-T Dual Digital 4 ( successfully deinitialized and disconnected. [ 667.696286][ T9080] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 668.860581][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 668.919849][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 668.963132][ T12] bond0 (unregistering): Released all slaves [ 669.018077][ T8678] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 669.085198][ T8678] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 669.377664][ T8678] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 669.775124][ T9099] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 670.022226][ T9106] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 670.282606][ C0] vkms_vblank_simulate: vblank timer overrun [ 670.717766][ T5918] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 670.879517][ T5918] usb 6-1: Using ep0 maxpacket: 8 [ 670.884396][ T5918] usb 6-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 670.884421][ T5918] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.942008][ T5918] usb 6-1: config 0 descriptor?? [ 671.030263][ T9118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.659'. [ 671.367284][ T5918] magicmouse 0003:05AC:0269.0002: reserved main item tag 0xd [ 671.367321][ T5918] magicmouse 0003:05AC:0269.0002: item fetching failed at offset 4/5 [ 671.369257][ T5918] magicmouse 0003:05AC:0269.0002: magicmouse hid parse failed [ 671.369359][ T5918] magicmouse 0003:05AC:0269.0002: probe with driver magicmouse failed with error -22 [ 671.561357][ T991] usb 6-1: USB disconnect, device number 3 [ 671.766401][ C0] vkms_vblank_simulate: vblank timer overrun [ 672.048490][ T12] hsr_slave_0: left promiscuous mode [ 672.102562][ T12] hsr_slave_1: left promiscuous mode [ 672.103501][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 672.103529][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 672.162953][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 672.162985][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 672.316296][ T12] veth1_macvtap: left promiscuous mode [ 672.316418][ T12] veth0_macvtap: left promiscuous mode [ 672.316669][ T12] veth1_vlan: left promiscuous mode [ 672.316852][ T12] veth0_vlan: left promiscuous mode [ 672.896259][ T9137] vcan0: tx drop: invalid da for name 0x0080000000000000 [ 673.582388][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.258730][ T12] team0 (unregistering): Port device team_slave_1 removed [ 675.534561][ T12] team0 (unregistering): Port device team_slave_0 removed [ 676.516572][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 676.533591][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 676.541274][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 676.550821][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 676.551581][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 677.290404][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.525115][ C0] vkms_vblank_simulate: vblank timer overrun [ 678.628084][ T5855] Bluetooth: hci2: command tx timeout [ 679.429028][ T9140] warning: `syz.5.667' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 680.293352][ C0] vkms_vblank_simulate: vblank timer overrun [ 680.709603][ T5855] Bluetooth: hci2: command tx timeout [ 680.746072][ T9182] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 681.366720][ T5855] Bluetooth: hci3: connection err: -111 [ 681.755350][ T9209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 681.847661][ T991] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 682.007607][ T991] usb 6-1: Using ep0 maxpacket: 16 [ 682.010034][ T991] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 682.010075][ T991] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 682.010105][ T991] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 682.010126][ T991] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 682.010145][ T991] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 682.010165][ T991] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 682.011777][ T991] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 682.011802][ T991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 682.011820][ T991] usb 6-1: SerialNumber: syz [ 682.043275][ T991] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 682.043525][ T991] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12 [ 682.320260][ T991] usb 6-1: USB disconnect, device number 4 [ 682.392934][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.641896][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.676098][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.820219][ T5855] Bluetooth: hci2: command tx timeout [ 683.292887][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.727918][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 683.828792][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.839295][ T9152] chnl_net:caif_netlink_parms(): no params data found [ 683.880078][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 683.882959][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 683.882988][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.883010][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 683.883048][ T10] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 683.883069][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.900154][ T10] usb 6-1: config 0 descriptor?? [ 684.403805][ T10] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max [ 684.405815][ T10] microsoft 0003:045E:07DA.0003: unbalanced collection at end of report description [ 684.406492][ T10] microsoft 0003:045E:07DA.0003: parse failed [ 684.406572][ T10] microsoft 0003:045E:07DA.0003: probe with driver microsoft failed with error -22 [ 684.660181][ T10] usb 6-1: USB disconnect, device number 5 [ 684.868107][ T5855] Bluetooth: hci2: command tx timeout [ 685.537658][ T991] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 685.697682][ T991] usb 6-1: Using ep0 maxpacket: 8 [ 685.716752][ T991] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.716800][ T991] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 685.716825][ T991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.722723][ T991] usb 6-1: config 0 descriptor?? [ 685.954981][ T9152] bridge0: port 1(bridge_slave_0) entered blocking state [ 685.955281][ T9152] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.955587][ T9152] bridge_slave_0: entered allmulticast mode [ 685.990822][ T9152] bridge_slave_0: entered promiscuous mode [ 685.996134][ T9269] netlink: 204 bytes leftover after parsing attributes in process `syz.4.700'. [ 686.155663][ T991] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 686.155699][ T991] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 686.155724][ T991] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 686.155748][ T991] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 686.155772][ T991] arvo 0003:1E7D:30D4.0004: unknown main item tag 0x0 [ 686.205432][ T991] arvo 0003:1E7D:30D4.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.5-1/input0 [ 686.303843][ T9152] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.303980][ T9152] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.304211][ T9152] bridge_slave_1: entered allmulticast mode [ 686.317634][ T9152] bridge_slave_1: entered promiscuous mode [ 686.353494][ T991] usb 6-1: USB disconnect, device number 6 [ 686.473421][ T9274] fido_id[9274]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 686.686344][ C0] vkms_vblank_simulate: vblank timer overrun [ 686.777762][ C0] vkms_vblank_simulate: vblank timer overrun [ 687.802756][ C0] vkms_vblank_simulate: vblank timer overrun [ 687.923212][ T5855] Bluetooth: hci3: command 0x0406 tx timeout [ 688.045748][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.218610][ T6055] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 688.438214][ T6055] usb 6-1: Using ep0 maxpacket: 8 [ 688.521433][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.521465][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.521486][ T6055] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 688.521525][ T6055] usb 6-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 688.521545][ T6055] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.574056][ T8799] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 688.758312][ C0] vkms_vblank_simulate: vblank timer overrun [ 688.811975][ T6055] usb 6-1: config 0 descriptor?? [ 688.820370][ T9284] team_slave_0: entered promiscuous mode [ 688.820429][ T9284] team_slave_1: entered promiscuous mode [ 689.029738][ T8799] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 689.084374][ T9152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 689.087197][ T8799] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 689.128023][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 689.165613][ T9152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 689.166401][ T8799] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 689.232502][ T6055] elecom 0003:056E:00FE.0005: unknown main item tag 0x4 [ 689.232539][ T6055] elecom 0003:056E:00FE.0005: unknown main item tag 0x6 [ 689.232573][ T6055] elecom 0003:056E:00FE.0005: unknown main item tag 0x0 [ 689.232608][ T6055] elecom 0003:056E:00FE.0005: unknown main item tag 0x0 [ 689.232634][ T6055] elecom 0003:056E:00FE.0005: unknown main item tag 0x0 [ 689.256652][ T6055] elecom 0003:056E:00FE.0005: hidraw0: USB HID v0.00 Device [HID 056e:00fe] on usb-dummy_hcd.5-1/input0 [ 689.287750][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 689.291898][ T10] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 689.295079][ T10] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 689.295105][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.295124][ T10] usb 5-1: Product: syz [ 689.295137][ T10] usb 5-1: Manufacturer: syz [ 689.295151][ T10] usb 5-1: SerialNumber: syz [ 689.314552][ T10] usb 5-1: config 0 descriptor?? [ 689.335654][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 689.335711][ T10] usb 5-1: setting power ON [ 689.335731][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 689.359960][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 689.362074][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 689.362129][ T10] usb 5-1: media controller created [ 689.450730][ T6055] usb 6-1: USB disconnect, device number 7 [ 689.470112][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 689.532478][ T10] usb 5-1: selecting invalid altsetting 6 [ 689.532499][ T10] usb 5-1: digital interface selection failed (-22) [ 689.532513][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 689.538854][ T9292] dvb-usb: bulk message failed: -22 (3/0) [ 689.538878][ T9292] dvb-usb: bulk message failed: -22 (3/0) [ 689.539402][ T10] usb 5-1: setting power OFF [ 689.539574][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 689.539591][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 689.539605][ T10] (NULL device *): no alternate interface [ 689.655615][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 689.689261][ T10] usb 5-1: USB disconnect, device number 12 [ 689.695862][ T9152] team0: Port device team_slave_0 added [ 689.741704][ T9152] team0: Port device team_slave_1 added [ 690.016441][ T9303] netlink: 8 bytes leftover after parsing attributes in process `syz.5.708'. [ 690.016474][ T9303] netlink: 4 bytes leftover after parsing attributes in process `syz.5.708'. [ 690.187770][ T9152] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.187789][ T9152] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.187819][ T9152] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.227160][ T9152] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 690.227177][ T9152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.227205][ T9152] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.482914][ T12] bridge_slave_1: left allmulticast mode [ 690.482938][ T12] bridge_slave_1: left promiscuous mode [ 690.483097][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 690.544691][ T12] bridge_slave_0: left allmulticast mode [ 690.544714][ T12] bridge_slave_0: left promiscuous mode [ 690.545818][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 690.567753][ T991] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 690.657788][ T6055] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 690.741724][ T991] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 690.741751][ T991] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 690.741805][ T991] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 690.741827][ T991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 690.761626][ T991] usb 5-1: config 0 descriptor?? [ 690.774332][ T991] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 690.774521][ T991] dvb-usb: bulk message failed: -22 (3/0) [ 690.789981][ T991] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 690.790989][ T991] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 690.791043][ T991] usb 5-1: media controller created [ 690.794293][ T991] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 690.820517][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 690.820548][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 690.820570][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 690.820594][ T6055] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 690.830215][ T6055] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 690.830242][ T6055] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.830261][ T6055] usb 6-1: Product: syz [ 690.830275][ T6055] usb 6-1: Manufacturer: syz [ 690.830288][ T6055] usb 6-1: SerialNumber: syz [ 690.835703][ T991] dvb-usb: bulk message failed: -22 (6/0) [ 690.835840][ T991] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 690.864422][ T991] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 690.873351][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.873455][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 690.884413][ T991] dvb-usb: schedule remote query interval to 150 msecs. [ 690.884434][ T991] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 691.008791][ T6055] usb 6-1: config 0 descriptor?? [ 691.010912][ T9309] dvb-usb: bulk message failed: -22 (4/0) [ 691.057168][ T31] dvb-usb: bulk message failed: -22 (1/0) [ 691.057220][ T31] dvb-usb: error while querying for an remote control event. [ 691.062409][ T31] usb 5-1: USB disconnect, device number 13 [ 691.240135][ T6055] adutux 6-1:0.0: ADU208 now attached to /dev/usb/adutux0 [ 691.270290][ T31] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 691.275952][ T6055] usb 6-1: USB disconnect, device number 8 [ 691.375795][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 691.459204][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 691.522760][ T12] bond0 (unregistering): Released all slaves [ 692.359621][ T9152] hsr_slave_0: entered promiscuous mode [ 692.486380][ T9152] hsr_slave_1: entered promiscuous mode [ 692.487221][ T9152] debugfs: 'hsr0' already exists in 'hsr' [ 692.502981][ T9152] Cannot create hsr debugfs directory [ 693.129582][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.155302][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.210352][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.238670][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.359604][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.389504][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.419209][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.461321][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.490289][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.519909][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.579187][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.607274][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.659047][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 693.660721][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.682349][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 693.687259][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 693.688260][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.689739][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 693.690720][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 693.744511][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.774191][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.815047][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.847933][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.879453][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.911790][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.942829][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.972222][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.029345][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.062392][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.094593][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.124128][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.151488][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.209744][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.237850][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.296035][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.355114][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.384696][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.426911][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.454861][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.493397][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.525313][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.560316][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.589022][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.646074][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.674408][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.709979][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.737413][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.794059][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.885308][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.923093][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.952263][ C0] vkms_vblank_simulate: vblank timer overrun [ 694.994659][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.318193][ T31] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 695.470446][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 695.470493][ T31] usb 5-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00 [ 695.470513][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.513564][ T31] usb 5-1: config 0 descriptor?? [ 695.747794][ T5855] Bluetooth: hci4: command tx timeout [ 695.978590][ T31] hid_parser_main: 54 callbacks suppressed [ 695.978630][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978663][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978692][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978733][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978771][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978797][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 695.978822][ T31] hid-alps 0003:044E:121E.0006: unknown main item tag 0x0 [ 696.051100][ T31] hid-alps 0003:044E:121E.0006: hidraw0: USB HID v0.05 Device [HID 044e:121e] on usb-dummy_hcd.4-1/input0 [ 696.279614][ T31] usb 5-1: USB disconnect, device number 14 [ 696.395637][ T9334] fido_id[9334]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 697.158017][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.188768][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.245905][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.276078][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.306625][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.350315][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.380697][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.424442][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.453642][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.514173][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.037538][ C0] sched: DL replenish lagged too much [ 698.346397][ T5855] Bluetooth: hci4: command tx timeout [ 698.349563][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.513776][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.565146][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.624465][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.653500][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.681756][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.718652][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.748015][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.776312][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.856343][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.885755][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.897656][ T991] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 698.916343][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.945632][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.975632][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.015370][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.043695][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.059135][ T991] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 699.059175][ T991] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 699.059195][ T991] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.076467][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.112729][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.118353][ T991] usb 5-1: config 0 descriptor?? [ 699.142643][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.175868][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.234270][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.265898][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.298230][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.328828][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.372686][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.402974][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.433314][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.465663][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.494783][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.525939][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.567234][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.594506][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.662702][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.705725][ T991] logitech-djreceiver 0003:046D:C71F.0007: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.4-1/input0 [ 699.719011][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.749676][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.777097][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.820000][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.844763][ T991] usb 5-1: USB disconnect, device number 15 [ 699.864645][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.893843][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.957624][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.986773][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.015583][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.048713][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.077682][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.134510][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.136562][ T9347] fido_id[9347]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 700.165848][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.197958][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.226720][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.269491][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.298342][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.327845][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.371967][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.391661][ T5855] Bluetooth: hci4: command tx timeout [ 700.400789][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.432425][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.463626][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.498375][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.527672][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.659645][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.702415][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.732369][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.766569][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.799599][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.827605][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.871336][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.905049][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.931918][ C0] vkms_vblank_simulate: vblank timer overrun [ 700.957854][ T31] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 700.975977][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.035747][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.064319][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.107718][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 701.109987][ T31] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 701.110009][ T31] usb 5-1: config 0 has no interface number 0 [ 701.110054][ T31] usb 5-1: config 0 interface 12 has no altsetting 0 [ 701.113147][ T31] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 701.113171][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 701.113189][ T31] usb 5-1: Product: syz [ 701.113202][ T31] usb 5-1: Manufacturer: syz [ 701.113215][ T31] usb 5-1: SerialNumber: syz [ 701.198730][ T31] usb 5-1: config 0 descriptor?? [ 701.870092][ T31] f81534 5-1:0.12: f81534_set_register: reg: 1003 data: b0 failed: -71 [ 701.870146][ T31] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 701.870162][ T31] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 701.870256][ T31] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 701.918756][ T31] usb 5-1: USB disconnect, device number 16 [ 702.468066][ T5855] Bluetooth: hci4: command tx timeout [ 702.767753][ T31] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 702.917761][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 702.922743][ T31] usb 5-1: unable to get BOS descriptor or descriptor too short [ 702.945189][ T31] usb 5-1: config 4 interface 0 has no altsetting 0 [ 702.962613][ T31] usb 5-1: string descriptor 0 read error: -22 [ 702.962704][ T31] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 702.962726][ T31] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 703.032564][ T31] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 703.063563][ T31] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 703.064145][ T31] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 703.064192][ T31] usb 5-1: media controller created [ 703.169961][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 704.381961][ T31] zl10353_read_register: readreg error (reg=127, ret==0) [ 704.830951][ T31] usb 5-1: USB disconnect, device number 17 [ 706.337928][ T31] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 706.504272][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 706.504300][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 706.504339][ T31] usb 5-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 706.504360][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.578671][ T31] usb 5-1: config 0 descriptor?? [ 707.117299][ T31] logitech 0003:046D:C29C.0008: unknown main item tag 0x0 [ 707.117335][ T31] logitech 0003:046D:C29C.0008: unknown main item tag 0x0 [ 707.198404][ T31] logitech 0003:046D:C29C.0008: hidraw0: USB HID v10.00 Device [HID 046d:c29c] on usb-dummy_hcd.4-1/input0 [ 707.314478][ T31] logitech 0003:046D:C29C.0008: no inputs found [ 707.409368][ T31] usb 5-1: USB disconnect, device number 18 [ 707.653712][ T9362] fido_id[9362]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 709.488964][ C1] vkms_vblank_simulate: vblank timer overrun [ 709.975076][ T6577] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 710.064797][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 710.092598][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 710.093913][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 710.095169][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 710.097028][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 710.150774][ T6577] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 710.150803][ T6577] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 710.150823][ T6577] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 710.150861][ T6577] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 710.150882][ T6577] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.242781][ T6577] usb 5-1: config 0 descriptor?? [ 710.819694][ T6577] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 710.940214][ T6577] usb 5-1: USB disconnect, device number 19 [ 711.080949][ T9376] fido_id[9376]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 711.622698][ C1] vkms_vblank_simulate: vblank timer overrun [ 712.307977][ T5855] Bluetooth: hci6: command tx timeout [ 714.387784][ T5855] Bluetooth: hci6: command tx timeout [ 716.468048][ T5855] Bluetooth: hci6: command tx timeout [ 718.555742][ T5855] Bluetooth: hci6: command tx timeout [ 755.662784][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 755.700652][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 802.634428][ T59] Bluetooth: hci2: command 0x0406 tx timeout [ 805.764568][ T9411] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 815.351590][ T9417] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 815.649654][ T1326] ieee802154 phy0 wpan0: encryption failed: -22 [ 815.690810][ T1326] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.567284][ T9417] Bluetooth: hci4: command 0x0406 tx timeout [ 817.443608][ T9416] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 829.067572][ T7523] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 829.078401][ T9427] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 829.296785][ T9427] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 830.312699][ T9427] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 830.337718][ T7523] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 830.339035][ T7523] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 830.339848][ T7523] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 830.345479][ T9411] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 831.306645][ T9411] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 834.965410][ T9427] Bluetooth: hci10: Opcode 0x1001 failed: -110 [ 834.979259][ T9426] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 834.979411][ T9426] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 834.984961][ T9427] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 834.985781][ T9427] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 834.986556][ T9427] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 834.986928][ T9427] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 834.987751][ T9427] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 834.989265][ T9427] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 834.990250][ T9427] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 834.991549][ T9427] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 834.997041][ T9426] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 835.539567][ T9426] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 835.540812][ T9426] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 836.253775][ T9426] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 836.260077][ T9426] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 836.260808][ T9426] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 837.572884][ T9417] Bluetooth: hci6: command 0x0406 tx timeout [ 837.582936][ T9417] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 838.718841][ T9411] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 838.874621][ T9411] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 840.192329][ T9417] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 840.197888][ T9417] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 842.192834][ T9426] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 842.204029][ T9426] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 842.205355][ T9426] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 842.206572][ T9426] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 842.207266][ T9426] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 845.608789][ T9423] Bluetooth: hci8: Opcode 0x0c1a failed: -110 [ 852.676826][ T9426] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 852.703522][ T9426] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 853.851235][ T9426] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 856.047836][ T39] INFO: task kworker/u8:5:70 blocked for more than 149 seconds. [ 856.047868][ T39] Not tainted syzkaller #0 [ 856.047880][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 856.047894][ T39] task:kworker/u8:5 state:D stack:18960 pid:70 tgid:70 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 856.047954][ T39] Workqueue: events_unbound linkwatch_event [ 856.048005][ T39] Call Trace: [ 856.048013][ T39] [ 856.048028][ T39] __schedule+0x16f3/0x4c20 [ 856.048080][ T39] ? do_raw_spin_lock+0x121/0x290 [ 856.048119][ T39] ? __pfx___schedule+0x10/0x10 [ 856.048168][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.048201][ T39] rt_mutex_schedule+0x77/0xf0 [ 856.048224][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 856.048248][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 856.048293][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 856.048319][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 856.048344][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 856.048381][ T39] ? linkwatch_event+0xe/0x60 [ 856.048421][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 856.048455][ T39] ? linkwatch_event+0xe/0x60 [ 856.048486][ T39] mutex_lock_nested+0x16a/0x1d0 [ 856.048507][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.048536][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 856.048566][ T39] linkwatch_event+0xe/0x60 [ 856.048597][ T39] process_scheduled_works+0xade/0x17b0 [ 856.048659][ T39] ? __pfx_process_scheduled_works+0x10/0x10 [ 856.048708][ T39] worker_thread+0x8a0/0xda0 [ 856.048769][ T39] kthread+0x70e/0x8a0 [ 856.048827][ T39] ? __pfx_worker_thread+0x10/0x10 [ 856.048851][ T39] ? __pfx_kthread+0x10/0x10 [ 856.048884][ T39] ? __pfx_kthread+0x10/0x10 [ 856.048913][ T39] ret_from_fork+0x3f9/0x770 [ 856.048940][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 856.048977][ T39] ? __switch_to_asm+0x39/0x70 [ 856.048995][ T39] ? __switch_to_asm+0x33/0x70 [ 856.049011][ T39] ? __pfx_kthread+0x10/0x10 [ 856.049040][ T39] ret_from_fork_asm+0x1a/0x30 [ 856.049074][ T39] [ 856.049167][ T39] INFO: task dhcpcd:5502 blocked for more than 149 seconds. [ 856.049179][ T39] Not tainted syzkaller #0 [ 856.049189][ T39] "echo 0 > /proc/sys/kernel/hung_task_time[ 856.049189][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 856.049197][ T39] task:dhcpcd state:D stack:20944 pid:5502 tgid:5502 ppid:5501 task_flags:0x400140 flags:0x00004002 [ 856.049245][ T39] Call Trace: [ 856.049251][ T39] [ 856.049263][ T39] __schedule+0x16f3/0x4c20 [ 856.049306][ T39] ? __kernel_text_address+0xd/0x40 [ 856.049329][ T39] ? __pfx___schedule+0x10/0x10 [ 856.049370][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.049398][ T39] rt_mutex_schedule+0x77/0xf0 [ 856.049416][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 856.049436][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 856.049472][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 856.049495][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 856.049516][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 856.049534][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.049570][ T39] ? rtnl_newlink+0x8db/0x1c70 [ 856.049595][ T39] ? safesetid_security_capable+0xa9/0x1a0 [ 856.049619][ T39] ? bpf_lsm_capable+0x9/0x20 [ 856.049643][ T39] ? security_capable+0x7e/0x2e0 [ 856.049674][ T39] ? rtnl_newlink+0x8db/0x1c70 [ 856.049695][ T39] mutex_lock_nested+0x16a/0x1d0 [ 856.049720][ T39] rtnl_newlink+0x8db/0x1c70 [ 856.049755][ T39] ? __pfx_rtnl_newlink+0x10/0x10 [ 856.049788][ T39] ? rcu_is_watching+0x15/0xb0 [ 856.049822][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.049859][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.049904][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 856.049936][ T39] ? is_bpf_text_address+0x292/0x2b0 [ 856.049961][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 856.050004][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.050054][ T39] ? __pfx_rtnl_newlink+0x10/0x10 [ 856.050077][ T39] rtnetlink_rcv_msg+0x7cf/0xb70 [ 856.050099][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.050126][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 856.050149][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.050188][ T39] netlink_rcv_skb+0x208/0x470 [ 856.050210][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.050235][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.050259][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 856.050295][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 856.050326][ T39] netlink_unicast+0x846/0xa10 [ 856.050357][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 856.050379][ T39] ? netlink_sendmsg+0x642/0xb30 [ 856.050401][ T39] ? skb_put+0x11b/0x210 [ 856.050431][ T39] netlink_sendmsg+0x805/0xb30 [ 856.050455][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 856.050483][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.050510][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.050538][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 856.050557][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.050581][ T39] __sock_sendmsg+0x21c/0x270 [ 856.050607][ T39] ____sys_sendmsg+0x508/0x820 [ 856.050640][ T39] ? __pfx_____sys_sendmsg+0x10/0x10 [ 856.050677][ T39] ? import_iovec+0x74/0xa0 [ 856.050702][ T39] ___sys_sendmsg+0x21f/0x2a0 [ 856.050733][ T39] ? __pfx____sys_sendmsg+0x10/0x10 [ 856.050799][ T39] ? __pfx_vfs_read+0x10/0x10 [ 856.050833][ T39] __x64_sys_sendmsg+0x1a1/0x260 [ 856.050864][ T39] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 856.050902][ T39] ? __pfx_ksys_read+0x10/0x10 [ 856.050923][ T39] ? rcu_is_watching+0x15/0xb0 [ 856.050956][ T39] ? do_syscall_64+0xbe/0x3b0 [ 856.050992][ T39] do_syscall_64+0xfa/0x3b0 [ 856.051017][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 856.051041][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.051060][ T39] ? clear_bhb_loop+0x60/0xb0 [ 856.051084][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.051108][ T39] RIP: 0033:0x7f6035b56407 [ 856.051128][ T39] RSP: 002b:00007ffe00be91a0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 856.051147][ T39] RAX: ffffffffffffffda RBX: 00007f6035acc740 RCX: 00007f6035b56407 [ 856.051161][ T39] RDX: 0000000000000000 RSI: 00007ffe00bfd380 RDI: 0000000000000004 [ 856.051174][ T39] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 856.051185][ T39] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe00c0d5b0 [ 856.051197][ T39] R13: 00007f6035acc6c8 R14: 0000000000000030 R15: 00007ffe00bfd380 [ 856.051228][ T39] [ 856.051281][ T39] INFO: task syz.5.716:9322 blocked for more than 149 seconds. [ 856.051294][ T39] Not tainted syzkaller #0 [ 856.051303][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 856.051312][ T39] task:syz.5.716 state:D stack:27688 pid:9322 tgid:9321 ppid:8240 task_flags:0x400140 flags:0x00004004 [ 856.051366][ T39] Call Trace: [ 856.051372][ T39] [ 856.051383][ T39] __schedule+0x16f3/0x4c20 [ 856.051417][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.051455][ T39] ? __pfx___schedule+0x10/0x10 [ 856.051496][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.051523][ T39] rt_mutex_schedule+0x77/0xf0 [ 856.051542][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 856.051562][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 856.051598][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 856.051621][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 856.051642][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 856.051660][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.051695][ T39] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 856.051731][ T39] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 856.051752][ T39] mutex_lock_nested+0x16a/0x1d0 [ 856.051777][ T39] rtnetlink_rcv_msg+0x71c/0xb70 [ 856.051804][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 856.051827][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.051847][ T39] ? ref_tracker_free+0x61e/0x7c0 [ 856.051873][ T39] ? __asan_memcpy+0x40/0x70 [ 856.051893][ T39] ? __pfx_ref_tracker_free+0x10/0x10 [ 856.051916][ T39] ? __skb_clone+0x63/0x7a0 [ 856.051953][ T39] netlink_rcv_skb+0x208/0x470 [ 856.051983][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.052008][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 856.052043][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 856.052075][ T39] netlink_unicast+0x846/0xa10 [ 856.052105][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 856.052128][ T39] ? netlink_sendmsg+0x642/0xb30 [ 856.052150][ T39] ? skb_put+0x11b/0x210 [ 856.052178][ T39] netlink_sendmsg+0x805/0xb30 [ 856.052212][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.052244][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 856.052263][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.052288][ T39] __sock_sendmsg+0x21c/0x270 [ 856.052312][ T39] ____sys_sendmsg+0x508/0x820 [ 856.052344][ T39] ? __pfx_____sys_sendmsg+0x10/0x10 [ 856.052382][ T39] ? import_iovec+0x74/0xa0 [ 856.052405][ T39] ___sys_sendmsg+0x21f/0x2a0 [ 856.052435][ T39] ? __pfx____sys_sendmsg+0x10/0x10 [ 856.052470][ T39] ? futex_wait+0x285/0x360 [ 856.052525][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.052561][ T39] __x64_sys_sendmsg+0x1a1/0x260 [ 856.052592][ T39] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 856.052631][ T39] ? rcu_is_watching+0x15/0xb0 [ 856.052665][ T39] ? do_syscall_64+0xbe/0x3b0 [ 856.052695][ T39] do_syscall_64+0xfa/0x3b0 [ 856.052719][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 856.052743][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.052761][ T39] ? clear_bhb_loop+0x60/0xb0 [ 856.052785][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.052803][ T39] RIP: 0033:0x7ff4bd4cebe9 [ 856.052818][ T39] RSP: 002b:00007ff4bb736038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 856.052836][ T39] RAX: ffffffffffffffda RBX: 00007ff4bd705fa0 RCX: 00007ff4bd4cebe9 [ 856.052850][ T39] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 856.052862][ T39] RBP: 00007ff4bd551e19 R08: 0000000000000000 R09: 0000000000000000 [ 856.052875][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.052886][ T39] R13: 00007ff4bd706038 R14: 00007ff4bd705fa0 R15: 00007ffe987724a8 [ 856.052917][ T39] [ 856.052924][ T39] INFO: task syz-executor:9325 blocked for more than 149 seconds. [ 856.052937][ T39] Not tainted syzkaller #0 [ 856.052945][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 856.052954][ T39] task:syz-executor state:D stack:26440 pid:9325 tgid:9325 ppid:1 task_flags:0x400140 flags:0x00004004 [ 856.053010][ T39] Call Trace: [ 856.053017][ T39] [ 856.053028][ T39] __schedule+0x16f3/0x4c20 [ 856.053077][ T39] ? __pfx___schedule+0x10/0x10 [ 856.053119][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.053147][ T39] rt_mutex_schedule+0x77/0xf0 [ 856.053165][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 856.053185][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 856.053222][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 856.053245][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 856.053265][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 856.053283][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.053319][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 856.053344][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 856.053374][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 856.053390][ T39] mutex_lock_nested+0x16a/0x1d0 [ 856.053415][ T39] inet_rtm_newaddr+0x3b0/0x18b0 [ 856.053443][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 856.053479][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 856.053497][ T39] rtnetlink_rcv_msg+0x7cf/0xb70 [ 856.053519][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.053546][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 856.053569][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.053609][ T39] netlink_rcv_skb+0x208/0x470 [ 856.053630][ T39] ? __lock_acquire+0xab9/0xd20 [ 856.053655][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 856.053680][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 856.053715][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 856.053748][ T39] netlink_unicast+0x846/0xa10 [ 856.053777][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 856.053800][ T39] ? netlink_sendmsg+0x642/0xb30 [ 856.053822][ T39] ? skb_put+0x11b/0x210 [ 856.053851][ T39] netlink_sendmsg+0x805/0xb30 [ 856.053885][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.053917][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 856.053936][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 856.053961][ T39] __sock_sendmsg+0x21c/0x270 [ 856.053991][ T39] __sys_sendto+0x3c7/0x520 [ 856.054019][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 856.054071][ T39] ? exc_page_fault+0x76/0xf0 [ 856.054099][ T39] ? do_user_addr_fault+0xc8a/0x1390 [ 856.054127][ T39] __x64_sys_sendto+0xde/0x100 [ 856.054155][ T39] do_syscall_64+0xfa/0x3b0 [ 856.054181][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 856.054205][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.054224][ T39] ? clear_bhb_loop+0x60/0xb0 [ 856.054264][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 856.054284][ T39] RIP: 0033:0x7f476f630a7c [ 856.054300][ T39] RSP: 002b:00007ffc373bad20 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 856.054320][ T39] RAX: ffffffffffffffda RBX: 00007f4770394620 RCX: 00007f476f630a7c [ 856.054335][ T39] RDX: 0000000000000028 RSI: 00007f4770394670 RDI: 0000000000000003 [ 856.054348][ T39] RBP: 0000000000000000 R08: 00007ffc373bad74 R09: 000000000000000c [ 856.054371][ T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 856.054383][ T39] R13: 0000000000000000 R14: 00007f4770394670 R15: 0000000000000000 [ 856.054431][ T39] [ 856.054472][ T39] [ 856.054472][ T39] Showing all locks held in the system: [ 856.054481][ T39] 4 locks held by kworker/0:0/9: [ 856.054492][ T39] #0: ffff88805ec08938 ((wq_completion)wg-kex-wg0#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.054547][ T39] #1: ffffc900000e7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.054612][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.054660][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.054705][ T39] 4 locks held by kworker/0:1/10: [ 856.054714][ T39] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.054763][ T39] #1: ffffc900000f7bc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.054811][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.054857][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.054905][ T39] 4 locks held by kworker/u8:0/12: [ 856.054915][ T39] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.054968][ T39] #1: ffffc90000117bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.055015][ T39] #2: ffffffff8ecc5a20 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 856.055062][ T39] #3: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890 [ 856.055111][ T39] 7 locks held by kworker/u8:1/13: [ 856.055122][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.055170][ T39] #1: ffffc90000127bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.055219][ T39] #2: ffff88802413f300 (&devlink->lock_key#13){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 856.055273][ T39] #3: ffff88805dac6520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 856.055323][ T39] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 856.055366][ T39] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.055412][ T39] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.055460][ T39] 2 locks held by ksoftirqd/0/15: [ 856.055470][ T39] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.055517][ T39] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.055584][ T39] 2 locks held by rcuc/1/28: [ 856.055595][ T39] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.055644][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.055696][ T39] 6 locks held by ktimers/1/29: [ 856.055718][ T39] 2 locks held by ksoftirqd/1/30: [ 856.055728][ T39] #0: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.055793][ T39] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.055841][ T39] 5 locks held by kworker/1:0/31: [ 856.055851][ T39] #0: ffff88805ceb7138 ((wq_completion)wg-kex-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.055904][ T39] #1: ffffc90000a5fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.055974][ T39] #2: ffff8880387ba3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 856.056020][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.056066][ T39] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.056114][ T39] 5 locks held by kworker/u8:2/37: [ 856.056126][ T39] 1 lock held by khungtaskd/39: [ 856.056136][ T39] #0: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 856.056181][ T39] 5 locks held by kworker/u8:3/57: [ 856.056192][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.056239][ T39] #1: ffffc9000123fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.056287][ T39] #2: ffff888051530898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.056335][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.056382][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.056429][ T39] 5 locks held by kworker/u9:0/59: [ 856.056440][ T39] #0: ffff888036f3b938 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.056487][ T39] #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.056534][ T39] #2: ffff88801a340e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 856.056577][ T39] #3: ffff88801a3400a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 856.056624][ T39] #4: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 856.056673][ T39] 7 locks held by kworker/u8:4/67: [ 856.056683][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.056730][ T39] #1: ffffc9000152fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.056779][ T39] #2: ffff888038623300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 856.056832][ T39] #3: ffff88805eb36920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 856.056882][ T39] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 856.056924][ T39] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.056976][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.057041][ T39] 3 locks held by kworker/u8:5/70: [ 856.057052][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.057103][ T39] #1: ffffc9000155fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.057153][ T39] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 856.057212][ T39] 4 locks held by kworker/u8:6/772: [ 856.057223][ T39] #0: ffff88805d22a138 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.057278][ T39] #1: ffffc9000437fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.057330][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.057379][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.075219][ T39] 4 locks held by kworker/1:2/991: [ 856.075239][ T39] #0: ffff88805ec08938 ((wq_completion)wg-kex-wg0#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.075299][ T39] #1: ffffc900049efbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.075365][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.075412][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.075463][ T39] 5 locks held by kworker/u8:8/1121: [ 856.075474][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.075522][ T39] #1: ffffc90004d6fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.075570][ T39] #2: ffff88804b180898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.075618][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.075664][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.075711][ T39] 4 locks held by kworker/u8:9/1184: [ 856.075722][ T39] #0: ffff888030c22138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.075770][ T39] #1: ffffc90004fbfbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.075820][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.075866][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.075916][ T39] 5 locks held by kworker/u8:11/1406: [ 856.075926][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.075998][ T39] #1: ffffc900054dfbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.076050][ T39] #2: ffff8880616c0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.076099][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.076149][ T39] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.076199][ T39] 7 locks held by kworker/u8:12/1802: [ 856.076210][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.076262][ T39] #1: ffffc90005dafbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.076315][ T39] #2: ffff8880489f4300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 856.076373][ T39] #3: ffff88802932ad20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 856.076426][ T39] #4: ffffffff8d9a8bc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 856.076472][ T39] #5: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.076521][ T39] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.076585][ T39] 1 lock held by syslogd/5189: [ 856.076596][ T39] #0: ffff888148ccec98 (&ei->socket.wq.wait){+.+.}-{3:3}, at: finish_wait+0xbf/0x1f0 [ 856.076646][ T39] 3 locks held by klogd/5196: [ 856.076658][ T39] 1 lock held by dhcpcd/5502: [ 856.076669][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 856.076720][ T39] 2 locks held by getty/5602: [ 856.076730][ T39] #0: ffff88823bf648a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 856.076784][ T39] #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 856.076833][ T39] 3 locks held by syz-executor/5827: [ 856.076845][ T39] #0: ffff88802817b110 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_recvmsg+0xd3/0x560 [ 856.076893][ T39] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.076943][ T39] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.077002][ T39] 6 locks held by kworker/u9:6/5855: [ 856.077013][ T39] #0: ffff88805493c938 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.077063][ T39] #1: ffffc90004a9fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.077114][ T39] #2: ffff88805bd7ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 856.077159][ T39] #3: ffff88805bd7c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 856.077220][ T39] #4: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 856.077268][ T39] #5: ffff8880236f0358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 856.077323][ T39] 4 locks held by kworker/0:4/5918: [ 856.077334][ T39] #0: ffff88805d183138 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.077387][ T39] #1: ffffc90004eefbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.094084][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.094135][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.094186][ T39] 4 locks held by kworker/0:5/5982: [ 856.094197][ T39] #0: ffff88805d41c138 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.094250][ T39] #1: ffffc9000525fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.094316][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.094363][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.094411][ T39] 5 locks held by kworker/u8:14/6043: [ 856.094422][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.094469][ T39] #1: ffffc900053dfbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.094518][ T39] #2: ffff888049d20898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.094566][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.094612][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.094660][ T39] 5 locks held by kworker/u8:15/6046: [ 856.094671][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.094719][ T39] #1: ffffc9000548fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.094767][ T39] #2: ffff88803bce0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.094814][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.094861][ T39] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.094908][ T39] 6 locks held by kworker/u8:16/6051: [ 856.094919][ T39] #0: ffff88814d7ca938 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.094972][ T39] #1: ffffc90005cefbc0 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.095020][ T39] #2: ffff888037819538 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x15e/0x680 [ 856.095065][ T39] #3: ffff888031f04050 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: __inet_bind+0x392/0xa90 [ 856.095107][ T39] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.095154][ T39] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.095202][ T39] 2 locks held by kworker/0:6/6055: [ 856.095213][ T39] 2 locks held by kworker/u8:17/6191: [ 856.095223][ T39] #0: ffff888147e8d138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.095271][ T39] #1: ffffc90005ee7bc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.095320][ T39] 5 locks held by kworker/u8:18/6847: [ 856.095331][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.095379][ T39] #1: ffffc9000515fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.095426][ T39] #2: ffff88804b320898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 856.095473][ T39] #3: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.095520][ T39] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.095568][ T39] 5 locks held by kworker/u9:1/7523: [ 856.095578][ T39] #0: ffff88802a999138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.095625][ T39] #1: ffffc9000407fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.095673][ T39] #2: ffff88804d164e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 856.095715][ T39] #3: ffff88804d1640a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 856.095763][ T39] #4: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 856.095817][ T39] 2 locks held by syz-executor/8799: [ 856.095828][ T39] #0: ffff888038f00e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 856.095872][ T39] #1: ffff888038f000a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 856.095922][ T39] 2 locks held by syz-executor/9152: [ 856.095932][ T39] #0: ffffffff8f1f2b30 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 856.095991][ T39] #1: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 856.096040][ T39] 1 lock held by syz.5.716/9322: [ 856.096050][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 856.096098][ T39] 1 lock held by syz-executor/9325: [ 856.096108][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 856.096149][ T39] 1 lock held by syz-executor/9372: [ 856.096160][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 856.096202][ T39] 4 locks held by kworker/0:8/9374: [ 856.096212][ T39] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.096261][ T39] #1: ffffc900051ffbc0 ((work_completion)(&(&gc->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.096310][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.096357][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.096405][ T39] 3 locks held by syz.4.735/9380: [ 856.096416][ T39] #0: ffffffff8ed38940 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 856.096487][ T39] #1: ffffffff8ed38738 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 856.096564][ T39] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: nl802154_pre_doit+0xbc/0xa00 [ 856.096618][ T39] 3 locks held by kworker/u8:21/9398: [ 856.096629][ T39] #0: ffff88802fbef938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.096681][ T39] #1: ffffc9000480fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.096734][ T39] #2: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 856.096780][ T39] 6 locks held by kworker/u8:23/9402: [ 856.096791][ T39] #0: ffff88805d0ce138 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.096847][ T39] #1: ffffc90004a3fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.096898][ T39] #2: ffff888035fb55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 856.096947][ T39] #3: ffff8880387bd8b8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 856.097010][ T39] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.097056][ T39] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.097104][ T39] 4 locks held by kworker/0:10/9403: [ 856.097116][ T39] 4 locks held by kworker/1:6/9405: [ 856.097126][ T39] #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.097193][ T39] #1: ffffc9000440fbc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.097244][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.097294][ T39] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.097346][ T39] 4 locks held by kworker/0:12/9409: [ 856.097357][ T39] #0: ffff88805ced4938 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.097412][ T39] #1: ffffc90004e4fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.102319][ T39] #2: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.102371][ T39] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.102424][ T39] 4 locks held by kworker/u9:2/9411: [ 856.102436][ T39] #0: ffff888060581138 ((wq_completion)hci9#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.102491][ T39] #1: ffffc9000428fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.102543][ T39] #2: ffff8880666d00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 856.102590][ T39] #3: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 856.102638][ T39] 6 locks held by kworker/u8:26/9414: [ 856.102650][ T39] #0: ffff888064028138 ((wq_completion)wg-kex-wg2#13){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.102706][ T39] #1: ffffc900041afbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.102758][ T39] #2: ffff888028e395f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 856.102806][ T39] #3: ffff88803b589928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 856.102852][ T39] #4: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.102902][ T39] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.102953][ T39] 8 locks held by kworker/0:13/9415: [ 856.102971][ T39] 4 locks held by kworker/u9:3/9417: [ 856.102982][ T39] #0: ffff888036f37938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.103035][ T39] #1: ffffc90004fafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.103085][ T39] #2: ffff88806eed00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 856.103131][ T39] #3: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 856.103180][ T39] 1 lock held by syz-executor/9424: [ 856.103191][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 856.103236][ T39] 4 locks held by kworker/u9:5/9427: [ 856.103248][ T39] #0: ffff88803437b938 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 856.103302][ T39] #1: ffffc9000401fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 856.103353][ T39] #2: ffff8880632300a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 856.103399][ T39] #3: ffffffff8ee3a2b8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 856.103454][ T39] 1 lock held by syz-executor/9429: [ 856.103465][ T39] #0: ffffffff8ecd2938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 856.103506][ T39] 3 locks held by udevd/9431: [ 856.103516][ T39] #0: ffff88805e35d378 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 856.103564][ T39] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.103610][ T39] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.103657][ T39] 2 locks held by syz-executor/9432: [ 856.103669][ T39] 1 lock held by syz-executor/9435: [ 856.103679][ T39] #0: ffff888075da4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_open+0x1f3/0x300 [ 856.103728][ T39] 3 locks held by udevd/9437: [ 856.103737][ T39] #0: ffff88805e359d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 856.103784][ T39] #1: ffffffff8d84a7a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 856.103830][ T39] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 856.103880][ T39] [ 856.103885][ T39] ============================================= [ 856.103885][ T39] [ 856.103920][ T39] NMI backtrace for cpu 1 [ 856.103947][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 856.103979][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 856.103990][ T39] Call Trace: [ 856.103997][ T39] [ 856.104006][ T39] dump_stack_lvl+0x189/0x250 [ 856.104039][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 856.104067][ T39] ? __pfx__printk+0x10/0x10 [ 856.104102][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 856.104128][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 856.104152][ T39] ? __pfx__printk+0x10/0x10 [ 856.104178][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 856.104205][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 856.104230][ T39] watchdog+0xf93/0xfe0 [ 856.104261][ T39] ? watchdog+0x1de/0xfe0 [ 856.104292][ T39] kthread+0x70e/0x8a0 [ 856.104325][ T39] ? __pfx_watchdog+0x10/0x10 [ 856.104349][ T39] ? __pfx_kthread+0x10/0x10 [ 856.104384][ T39] ? __pfx_kthread+0x10/0x10 [ 856.104414][ T39] ret_from_fork+0x3f9/0x770 [ 856.104442][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 856.104475][ T39] ? __switch_to_asm+0x39/0x70 [ 856.104492][ T39] ? __switch_to_asm+0x33/0x70 [ 856.104508][ T39] ? __pfx_kthread+0x10/0x10 [ 856.104540][ T39] ret_from_fork_asm+0x1a/0x30 [ 856.104574][ T39] [ 856.104581][ T39] Sending NMI from CPU 1 to CPUs 0: [ 856.104606][ C0] NMI backtrace for cpu 0 [ 856.104620][ C0] CPU: 0 UID: 0 PID: 9403 Comm: kworker/0:10 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 856.104640][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 856.104652][ C0] Workqueue: wg-crypt-wg0 wg_packet_decrypt_worker [ 856.104674][ C0] RIP: 0010:unwind_next_frame+0x99/0x2390 [ 856.104700][ C0] Code: c1 ec 03 41 0f b6 04 2c 84 c0 0f 85 de 1b 00 00 41 8b 06 85 c0 0f 84 32 02 00 00 89 84 24 84 00 00 00 4c 89 bc 24 90 00 00 00 a2 10 33 00 4c 8d 3d 00 00 00 00 48 c7 c7 c0 8b 9a 8d 31 f6 31 [ 856.104728][ C0] RSP: 0018:ffffc900047ae338 EFLAGS: 00000202 [ 856.104742][ C0] RAX: 0000000000000001 RBX: ffffffff81331f6a RCX: e81eaffda1e9af00 [ 856.104754][ C0] RDX: dffffc0000000000 RSI: ffffffff81331f6a RDI: ffffc900047ae408 [ 856.104767][ C0] RBP: dffffc0000000000 R08: ffffc900047ae4d0 R09: 0000000000000016 [ 856.104779][ C0] R10: ffffc900047ae458 R11: ffffffff81aae2f0 R12: 1ffff920008f5c81 [ 856.104792][ C0] R13: ffffc900047ae440 R14: ffffc900047ae408 R15: ffffc900047aff58 [ 856.104805][ C0] FS: 0000000000000000(0000) GS:ffff8881268c1000(0000) knlGS:0000000000000000 [ 856.104818][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 856.104830][ C0] CR2: 00007f176ef9a836 CR3: 0000000075950000 CR4: 00000000003526f0 [ 856.104845][ C0] Call Trace: [ 856.104851][ C0] [ 856.104861][ C0] ? unwind_next_frame+0xa5/0x2390 [ 856.104885][ C0] ? ret_from_fork+0x3f9/0x770 [ 856.104908][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 856.104938][ C0] arch_stack_walk+0x11c/0x150 [ 856.104965][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 856.104982][ C0] stack_trace_save+0x9c/0xe0 [ 856.104998][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 856.105013][ C0] ? kasan_save_free_info+0x46/0x50 [ 856.105028][ C0] ? consume_skb+0x9e/0xf0 [ 856.105047][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 856.105072][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 856.105097][ C0] ? __lock_acquire+0xab9/0xd20 [ 856.105118][ C0] kasan_save_track+0x3e/0x80 [ 856.105135][ C0] ? kasan_save_track+0x3e/0x80 [ 856.105151][ C0] ? kasan_save_free_info+0x46/0x50 [ 856.105163][ C0] ? __kasan_slab_free+0x5b/0x80 [ 856.105181][ C0] ? kmem_cache_free+0x195/0x510 [ 856.105201][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 856.105224][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 856.105247][ C0] ? nft_do_chain+0x40c/0x1920 [ 856.105269][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 856.105292][ C0] ? nf_hook_slow+0xc2/0x220 [ 856.105310][ C0] ? NF_HOOK+0x206/0x3a0 [ 856.105327][ C0] ? NF_HOOK+0x309/0x3a0 [ 856.105344][ C0] ? __netif_receive_skb+0x143/0x380 [ 856.105360][ C0] ? process_backlog+0x31e/0x900 [ 856.105377][ C0] ? __napi_poll+0xb3/0x540 [ 856.105391][ C0] ? net_rx_action+0x707/0xe00 [ 856.105408][ C0] ? handle_softirqs+0x22f/0x710 [ 856.105426][ C0] ? __local_bh_enable_ip+0x179/0x270 [ 856.105444][ C0] ? wg_packet_decrypt_worker+0x2e0/0xce0 [ 856.105463][ C0] ? process_scheduled_works+0xade/0x17b0 [ 856.105481][ C0] ? worker_thread+0x8a0/0xda0 [ 856.105499][ C0] ? kthread+0x70e/0x8a0 [ 856.105520][ C0] ? ret_from_fork+0x3f9/0x770 [ 856.105538][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 856.105571][ C0] kasan_save_free_info+0x46/0x50 [ 856.105584][ C0] __kasan_slab_free+0x5b/0x80 [ 856.105603][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 856.105625][ C0] kmem_cache_free+0x195/0x510 [ 856.105649][ C0] nft_synproxy_eval_v4+0x376/0x560 [ 856.105676][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 856.105702][ C0] ? nf_ip_checksum+0x13c/0x510 [ 856.105732][ C0] nft_synproxy_do_eval+0x345/0x570 [ 856.105758][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 856.105791][ C0] nft_do_chain+0x40c/0x1920 [ 856.105815][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 856.105837][ C0] ? do_raw_spin_lock+0x121/0x290 [ 856.105859][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 856.105901][ C0] nft_do_chain_inet+0x25d/0x340 [ 856.105924][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 856.105946][ C0] ? __lock_acquire+0xab9/0xd20 [ 856.105972][ C0] ? NF_HOOK+0x9a/0x3a0 [ 856.105990][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 856.106015][ C0] nf_hook_slow+0xc2/0x220 [ 856.106037][ C0] NF_HOOK+0x206/0x3a0 [ 856.106056][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 856.106075][ C0] ? NF_HOOK+0x9a/0x3a0 [ 856.106092][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 856.106109][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 856.106130][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 856.106150][ C0] ? skb_dst+0x4f/0xd0 [ 856.106169][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 856.106189][ C0] NF_HOOK+0x309/0x3a0 [ 856.106208][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 856.106227][ C0] ? NF_HOOK+0x9a/0x3a0 [ 856.106261][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 856.106281][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 856.106307][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 856.106325][ C0] __netif_receive_skb+0x143/0x380 [ 856.106342][ C0] ? rt_spin_unlock+0x65/0x80 [ 856.106362][ C0] ? process_backlog+0x27b/0x900 [ 856.106380][ C0] process_backlog+0x31e/0x900 [ 856.106406][ C0] __napi_poll+0xb3/0x540 [ 856.106425][ C0] net_rx_action+0x707/0xe00 [ 856.106455][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 856.106476][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 856.106501][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 856.106525][ C0] handle_softirqs+0x22f/0x710 [ 856.106550][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 856.106577][ C0] __local_bh_enable_ip+0x179/0x270 [ 856.106596][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 856.106617][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 856.106642][ C0] wg_packet_decrypt_worker+0x2e0/0xce0 [ 856.106668][ C0] ? wg_packet_decrypt_worker+0xcd/0xce0 [ 856.106688][ C0] ? finish_task_switch+0x18b/0x950 [ 856.106719][ C0] ? __pfx_wg_packet_decrypt_worker+0x10/0x10 [ 856.106741][ C0] ? rcu_is_watching+0x15/0xb0 [ 856.106786][ C0] ? trace_pelt_se_tp+0x39/0x130 [ 856.106807][ C0] ? __update_load_avg_se+0x751/0xbc0 [ 856.106840][ C0] ? update_se+0x91/0x5f0 [ 856.106863][ C0] ? enqueue_task+0x345/0x420 [ 856.106886][ C0] ? look_up_lock_class+0x74/0x170 [ 856.106910][ C0] ? register_lock_class+0x51/0x320 [ 856.106936][ C0] ? __lock_acquire+0xab9/0xd20 [ 856.106965][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 856.106990][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 856.107013][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 856.107034][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 856.107056][ C0] process_scheduled_works+0xade/0x17b0 [ 856.107094][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 856.107125][ C0] worker_thread+0x8a0/0xda0 [ 856.107149][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 856.107178][ C0] ? __kthread_parkme+0x7b/0x200 [ 856.107206][ C0] kthread+0x70e/0x8a0 [ 856.107234][ C0] ? __pfx_worker_thread+0x10/0x10 [ 856.107256][ C0] ? __pfx_kthread+0x10/0x10 [ 856.107285][ C0] ? __pfx_kthread+0x10/0x10 [ 856.107311][ C0] ret_from_fork+0x3f9/0x770 [ 856.107335][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 856.107361][ C0] ? __switch_to_asm+0x39/0x70 [ 856.107377][ C0] ? __switch_to_asm+0x33/0x70 [ 856.107392][ C0] ? __pfx_kthread+0x10/0x10 [ 856.107419][ C0] ret_from_fork_asm+0x1a/0x30 [ 856.107449][ C0] [ 857.117536][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 857.117557][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 857.117575][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 857.117585][ T39] Call Trace: [ 857.117591][ T39] [ 857.117598][ T39] dump_stack_lvl+0x99/0x250 [ 857.117647][ T39] ? __asan_memcpy+0x40/0x70 [ 857.117666][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 857.117690][ T39] ? __pfx__printk+0x10/0x10 [ 857.117722][ T39] vpanic+0x281/0x750 [ 857.117752][ T39] ? __pfx_vpanic+0x10/0x10 [ 857.117776][ T39] ? preempt_schedule+0xae/0xc0 [ 857.117800][ T39] ? preempt_schedule_common+0x83/0xd0 [ 857.117828][ T39] panic+0xb9/0xc0 [ 857.117854][ T39] ? __pfx_panic+0x10/0x10 [ 857.117894][ T39] ? preempt_schedule_thunk+0x16/0x30 [ 857.117924][ T39] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 857.117948][ T39] watchdog+0xfd2/0xfe0 [ 857.117976][ T39] ? watchdog+0x1de/0xfe0 [ 857.118005][ T39] kthread+0x70e/0x8a0 [ 857.118036][ T39] ? __pfx_watchdog+0x10/0x10 [ 857.118059][ T39] ? __pfx_kthread+0x10/0x10 [ 857.118092][ T39] ? __pfx_kthread+0x10/0x10 [ 857.118120][ T39] ret_from_fork+0x3f9/0x770 [ 857.118148][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 857.118181][ T39] ? __switch_to_asm+0x39/0x70 [ 857.118198][ T39] ? __switch_to_asm+0x33/0x70 [ 857.118216][ T39] ? __pfx_kthread+0x10/0x10 [ 857.118243][ T39] ret_from_fork_asm+0x1a/0x30 [ 857.118271][ T39] [ 857.119372][ T39] Kernel Offset: disabled