last executing test programs: 3m19.535115172s ago: executing program 2 (id=857): add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) 3m19.091407144s ago: executing program 2 (id=860): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, 0x0, 0x0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) 3m18.210740975s ago: executing program 2 (id=864): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 3m17.990527702s ago: executing program 2 (id=868): fanotify_init(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_create1(0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f00000006c0)={0x0, 'bridge0\x00', {0x101}, 0x2}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68010}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=ANY=[@ANYBLOB="300000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000900006440000008001b00000000000500100004"], 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x70bd25, 0x25dfdbfc, {0x6, 0x0, 0x8100, 0x0, {0x1, 0xfff3}, {0xfff1}, {0xe, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) 3m17.222516644s ago: executing program 2 (id=870): mkdir(&(0x7f00000002c0)='./file0\x00', 0x2) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80101) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10) chroot(&(0x7f0000000780)='./file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0/../file0/../file0/file0\x00', 0x0) 3m16.711446199s ago: executing program 2 (id=873): syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x40283) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x5, 0xfa11, 0x8}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="020000000000000082000040"]) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000040), 0x2, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x17) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e24, 0x3, @private2, 0xbf}, 0x1c) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff08000440000000810800084000000003200001"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00068018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20}, 0x94) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$PPPIOCSMRU1(r6, 0x40047452, &(0x7f00000003c0)=0x5) mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x955a7adaa9d5093d) lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00') 3m11.568450424s ago: executing program 3 (id=892): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1) ioctl$TCSETS(0xffffffffffffffff, 0x8926, 0x0) 3m11.17962264s ago: executing program 3 (id=894): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket(0x2000000000000021, 0x2, 0xe128) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) r7 = openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x21041, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0xe) ioctl$VT_SETMODE(r7, 0x5602, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) 3m5.741538952s ago: executing program 3 (id=903): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00'}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, 0x0, 0x0) sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f0000000200)="0048b3c693123d4a5d", 0x9}}, 0xee) 3m5.251388449s ago: executing program 3 (id=905): mkdir(&(0x7f00000002c0)='./file0\x00', 0x2) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x80101) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x10) chroot(&(0x7f0000000780)='./file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0/../file0/../file0/file0\x00', 0x0) 3m4.896566924s ago: executing program 3 (id=908): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer], 0x0, 0x0, 0x0}) 3m0.237175965s ago: executing program 32 (id=873): syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x40283) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x5, 0xfa11, 0x8}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000300)=ANY=[@ANYBLOB="020000000000000082000040"]) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_netprio_ifpriomap(r3, &(0x7f0000000040), 0x2, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x17) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e24, 0x3, @private2, 0xbf}, 0x1c) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff08000440000000810800084000000003200001"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00068018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20}, 0x94) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$PPPIOCSMRU1(r6, 0x40047452, &(0x7f00000003c0)=0x5) mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x955a7adaa9d5093d) lremovexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00') 2m56.892099712s ago: executing program 3 (id=927): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) 2m55.673925839s ago: executing program 33 (id=927): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) 2m1.902476591s ago: executing program 4 (id=1055): dup(0xffffffffffffffff) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) ioctl$TCXONC(r3, 0x540a, 0x2) 2m1.42383603s ago: executing program 0 (id=1057): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185100}) io_uring_enter(r2, 0x7277, 0x0, 0x28, 0x0, 0x0) 1m57.954687134s ago: executing program 4 (id=1062): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket(0x2000000000000021, 0x2, 0xe128) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x21041, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fsmount(r6, 0x0, 0x1) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) 1m57.778035495s ago: executing program 0 (id=1063): r0 = getpid() timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f00000001c0)) r1 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r2 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r1}, &(0x7f0000000180), &(0x7f0000000200)) io_uring_enter(r2, 0x2def, 0x9566, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1m56.97194499s ago: executing program 0 (id=1064): r0 = socket(0x18, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x4, 0x4, 0x5, 0x10, 0x10, @remote, @dev={0xfe, 0x80, '\x00', 0x39}, 0x700, 0x80, 0x0, 0x65}}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r4 = openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0x10001}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0x5, 0x94}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd}) bind$alg(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x8) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0) ioctl$RTC_ALM_SET(r5, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000081) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) r7 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'gretap0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0x7}, {0xfff1, 0xffff}, {0x0, 0xd}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1ff}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x20, 0xc, 0x3, 0x0, 0x0, 0xfffffffd, 0x0}) bind$inet6(r6, 0x0, 0x0) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) ioprio_set$pid(0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, 0x0, 0x0) 1m55.467974296s ago: executing program 1 (id=1067): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0x503, 0x0, 0xfffffffc, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @rand_addr=0x64010100}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 1m54.831949322s ago: executing program 1 (id=1068): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1m54.800954234s ago: executing program 4 (id=1069): syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) r0 = socket(0x1e, 0x1, 0x0) write$binfmt_misc(r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0) add_key(&(0x7f0000000000)='big_key\x00', 0x0, &(0x7f0000000080)="ae", 0xfffff, 0xffffffffffffffff) 1m54.479919995s ago: executing program 1 (id=1070): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r1, 0x0, 0x0}, 0x10) 1m54.263438885s ago: executing program 0 (id=1071): socket$inet(0xa, 0x801, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet(0xa, 0x801, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$kcm(0x11, 0x2, 0x300) socket$kcm(0x10, 0x2, 0x4) socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002201c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 1m54.070347788s ago: executing program 1 (id=1072): r0 = getpid() timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f00000001c0)) r1 = signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r2 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100, 0x2, 0x4, 0x0, r1}, &(0x7f0000000180), &(0x7f0000000200)) io_uring_enter(r2, 0x2def, 0x9566, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 1m53.892052954s ago: executing program 0 (id=1073): r0 = socket(0x10, 0x3, 0x0) r1 = getpgrp(0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0xffffffff}]}}}]}, 0x3c}}, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000080), 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8090}, 0x10) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) kcmp(r1, r2, 0x0, r0, r0) 1m53.725471242s ago: executing program 1 (id=1074): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x28}}, 0x0) 1m53.65252203s ago: executing program 4 (id=1075): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) listen(r0, 0x3) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000100)=0x400, 0x4) syz_emit_ethernet(0x85, &(0x7f0000000340)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x4f, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}, {"53d0475126fba12ade4de4eb2747d30758db998757ae91930fde9f449ee90054c41c0603a541c44f1901e1f9f24cf64b44b6e3e31c7c0030f7e770"}}}}}}}, 0x0) 1m53.390905473s ago: executing program 4 (id=1076): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122", @ANYRES32=r2, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0x503, 0x0, 0xfffffffc, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @rand_addr=0x64010100}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 1m53.302764057s ago: executing program 1 (id=1077): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket(0x2000000000000021, 0x2, 0xe128) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x21041, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fsmount(r6, 0x0, 0x1) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) 1m53.007864987s ago: executing program 4 (id=1078): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff0000000071103e000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006272696467650000100002800c00210009"], 0x40}, 0x1, 0x0, 0x0, 0x34041043}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x20, 0x572, 0xcb01, 0x663d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5b, 0xe8, 0xeb}}]}}]}}, 0x0) socket(0x10, 0x1, 0x0) r0 = openat$vicodec1(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000300)={0x5, "69592436c86c8001000000ff0f001e4e0f00", 0x1, 0x100, 0xffffbb71, 0x800, 0x1, 0x3, 0x7f, 0x6}) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = open(&(0x7f00000002c0)='./file0\x00', 0x1491ff, 0x22) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="3800000018000100000400000000000002000000fe00ff090034001719255f58c176180014001680100008800c000280060001000b870000"], 0x38}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r5, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='dd:cb2e') lstat(&(0x7f0000000100)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000540)={'sit0\x00', &(0x7f0000000440)={'ip_vti0\x00', 0x0, 0x0, 0x80, 0x5, 0x4, {{0x1b, 0x4, 0x1, 0x2, 0x6c, 0x67, 0x0, 0xa, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}, @local, {[@ssrr={0x89, 0x1b, 0x90, [@multicast1, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x15}, @multicast2, @broadcast]}, @ssrr={0x89, 0xb, 0x52, [@dev={0xac, 0x14, 0x14, 0x13}, @local]}, @generic={0x4, 0xd, "9ecd6f40a3f3dece2b2db9"}, @timestamp_prespec={0x44, 0x24, 0xa4, 0x3, 0x9, [{@remote, 0x3ff}, {@multicast1, 0x45}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0xf}, {@loopback, 0x7}]}]}}}}}) sendmsg$nl_route(r3, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000c00)=ANY=[@ANYBLOB="9c0000001800000228bd7000fedbdf250a10e708fdd4fe04001900007500088057bef88fb8619cc5110cf0c259fe65fbef22c29987556660c912e30a7741cc22c3fd6d8f2b711db32728031c6be0d68d94cfdde4aef17fa7c2dda246a328d8245467133ec24856dc441991d159d7a0bc2a29cb3830065015c6c3a1f32c40db083c8c5d3a8ecd946ec4664b9d823727118e00000008000400", @ANYRES32=r7, @ANYBLOB="5012ed18c34367d47792b75fc587686c496935b7e5ba91a90c7040d724058743ca5350be93f906bb3cd5cf8dd0bfe9bca49a93f3cf57756f50c2b9dfac0bbc37a1638fb2c54bc29637f7377d6eb5f3063f82dffc48be4d363ece683b3e7fbfe0b7746ecc2ce7775027053507d946204ff279f92be9b9c5c607fcba0db8b90eec2a00347bdaea10da2385a2d5ad2bebbc67"], 0x9c}}, 0x4001) sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f0000000280)={&(0x7f0000000980)={0x268, 0x1, 0x5, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [{{0x254, 0x1, {{0x1, 0x250ca229}, 0x2b, 0xf4, 0xff81, 0xd58, 0xf, 'syz1\x00', "c8964152e896bf8b176ad22f475ea664dd83bfc1c3fb6a51e9350860260ef4f6", "5f6f7fb654032605ab6d575f03f74d590a98a00d305c5f0bfe6c3d05992bc8e5", [{0x7fff, 0x5, {0x0, 0x5}}, {0xc1, 0x7, {0x3, 0x892}}, {0x9, 0x1d, {0x1, 0x8}}, {0x1, 0x6, {0x1, 0x2}}, {0x6, 0x2, {0x0, 0x4}}, {0x1a00, 0x3, {0x3, 0x26d}}, {0x69, 0x6, {0x1, 0xb}}, {0xffff, 0x80, {0x2, 0xff}}, {0x81, 0xeed, {0x2, 0x55fc}}, {0x1, 0x7f, {0x0, 0x7ff}}, {0x4, 0xa6, {0x2, 0x1}}, {0x2f, 0x2, {0x1, 0x7}}, {0x7, 0x1f5f, {0x3, 0x80}}, {0x6, 0x7, {0x1, 0xc6e}}, {0x5, 0x0, {0x1, 0xd}}, {0x7, 0xfff, {0x2, 0x1}}, {0x5, 0x1, {0x3, 0x9}}, {0x40, 0x2, {0x3, 0x5}}, {0x4da8, 0x8f09, {0x1, 0x4}}, {0x0, 0x20, {0x1, 0xa}}, {0x3, 0x2, {0x2, 0xe40}}, {0x729, 0x3, {0x0, 0x80000001}}, {0x6417, 0x8, {0x2, 0xfff}}, {0xff, 0x3984, {0x0, 0x1}}, {0x9, 0x5, {0x0, 0x8}}, {0x2, 0x5, {0x2, 0x3}}, {0x2, 0x5, {0x0, 0x1}}, {0x401, 0x2, {0x3, 0x3}}, {0x657f, 0xf5e, {0x1, 0x9}}, {0x8e59, 0x100, {0x3, 0x7ff}}, {0x9, 0x6, {0x0, 0xfff}}, {0x40, 0x80, {0x3, 0x8}}, {0x8, 0x6, {0x3, 0xfffffffe}}, {0x2, 0xd2b}, {0x9, 0x8, {0x2, 0x9}}, {0xfe0a, 0x1ff, {0x2}}, {0x8, 0xe, {0x0, 0x8}}, {0x7, 0x0, {0x1, 0x5e69}}, {0x4, 0x8, {0x1, 0x4}}, {0x0, 0x3, {0x2, 0x7ff000}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x48800}, 0x840) umount2(&(0x7f00000001c0)='./file0\x00', 0xc) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x800) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000010101870100000000000000000005"], 0x14}, 0x1, 0x0, 0x0, 0x10000880}, 0x4) 1m52.637754676s ago: executing program 0 (id=1079): socket$inet(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) syz_open_procfs(0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r3 = syz_open_dev$vim2m(&(0x7f0000000200), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x6, 0x76, 0x0, 0x0) 1m14.679778147s ago: executing program 34 (id=1079): socket$inet(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) syz_open_procfs(0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) r3 = syz_open_dev$vim2m(&(0x7f0000000200), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x6, 0x76, 0x0, 0x0) 41.013921288s ago: executing program 35 (id=1077): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket(0x2000000000000021, 0x2, 0xe128) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r5, 0x5501) readv(r5, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x21041, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fsmount(r6, 0x0, 0x1) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) 0s ago: executing program 36 (id=1078): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff0000000071103e000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x90) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006272696467650000100002800c00210009"], 0x40}, 0x1, 0x0, 0x0, 0x34041043}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x20, 0x572, 0xcb01, 0x663d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x5b, 0xe8, 0xeb}}]}}]}}, 0x0) socket(0x10, 0x1, 0x0) r0 = openat$vicodec1(0xffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000300)={0x5, "69592436c86c8001000000ff0f001e4e0f00", 0x1, 0x100, 0xffffbb71, 0x800, 0x1, 0x3, 0x7f, 0x6}) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = open(&(0x7f00000002c0)='./file0\x00', 0x1491ff, 0x22) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="3800000018000100000400000000000002000000fe00ff090034001719255f58c176180014001680100008800c000280060001000b870000"], 0x38}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x94}}, 0x0) r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r5, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='dd:cb2e') lstat(&(0x7f0000000100)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000540)={'sit0\x00', &(0x7f0000000440)={'ip_vti0\x00', 0x0, 0x0, 0x80, 0x5, 0x4, {{0x1b, 0x4, 0x1, 0x2, 0x6c, 0x67, 0x0, 0xa, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}, @local, {[@ssrr={0x89, 0x1b, 0x90, [@multicast1, @broadcast, @loopback, @dev={0xac, 0x14, 0x14, 0x15}, @multicast2, @broadcast]}, @ssrr={0x89, 0xb, 0x52, [@dev={0xac, 0x14, 0x14, 0x13}, @local]}, @generic={0x4, 0xd, "9ecd6f40a3f3dece2b2db9"}, @timestamp_prespec={0x44, 0x24, 0xa4, 0x3, 0x9, [{@remote, 0x3ff}, {@multicast1, 0x45}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0xf}, {@loopback, 0x7}]}]}}}}}) sendmsg$nl_route(r3, &(0x7f0000000680)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000c00)=ANY=[@ANYBLOB="9c0000001800000228bd7000fedbdf250a10e708fdd4fe04001900007500088057bef88fb8619cc5110cf0c259fe65fbef22c29987556660c912e30a7741cc22c3fd6d8f2b711db32728031c6be0d68d94cfdde4aef17fa7c2dda246a328d8245467133ec24856dc441991d159d7a0bc2a29cb3830065015c6c3a1f32c40db083c8c5d3a8ecd946ec4664b9d823727118e00000008000400", @ANYRES32=r7, @ANYBLOB="5012ed18c34367d47792b75fc587686c496935b7e5ba91a90c7040d724058743ca5350be93f906bb3cd5cf8dd0bfe9bca49a93f3cf57756f50c2b9dfac0bbc37a1638fb2c54bc29637f7377d6eb5f3063f82dffc48be4d363ece683b3e7fbfe0b7746ecc2ce7775027053507d946204ff279f92be9b9c5c607fcba0db8b90eec2a00347bdaea10da2385a2d5ad2bebbc67"], 0x9c}}, 0x4001) sendmsg$OSF_MSG_REMOVE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1010}, 0xc, &(0x7f0000000280)={&(0x7f0000000980)={0x268, 0x1, 0x5, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, [{{0x254, 0x1, {{0x1, 0x250ca229}, 0x2b, 0xf4, 0xff81, 0xd58, 0xf, 'syz1\x00', "c8964152e896bf8b176ad22f475ea664dd83bfc1c3fb6a51e9350860260ef4f6", "5f6f7fb654032605ab6d575f03f74d590a98a00d305c5f0bfe6c3d05992bc8e5", [{0x7fff, 0x5, {0x0, 0x5}}, {0xc1, 0x7, {0x3, 0x892}}, {0x9, 0x1d, {0x1, 0x8}}, {0x1, 0x6, {0x1, 0x2}}, {0x6, 0x2, {0x0, 0x4}}, {0x1a00, 0x3, {0x3, 0x26d}}, {0x69, 0x6, {0x1, 0xb}}, {0xffff, 0x80, {0x2, 0xff}}, {0x81, 0xeed, {0x2, 0x55fc}}, {0x1, 0x7f, {0x0, 0x7ff}}, {0x4, 0xa6, {0x2, 0x1}}, {0x2f, 0x2, {0x1, 0x7}}, {0x7, 0x1f5f, {0x3, 0x80}}, {0x6, 0x7, {0x1, 0xc6e}}, {0x5, 0x0, {0x1, 0xd}}, {0x7, 0xfff, {0x2, 0x1}}, {0x5, 0x1, {0x3, 0x9}}, {0x40, 0x2, {0x3, 0x5}}, {0x4da8, 0x8f09, {0x1, 0x4}}, {0x0, 0x20, {0x1, 0xa}}, {0x3, 0x2, {0x2, 0xe40}}, {0x729, 0x3, {0x0, 0x80000001}}, {0x6417, 0x8, {0x2, 0xfff}}, {0xff, 0x3984, {0x0, 0x1}}, {0x9, 0x5, {0x0, 0x8}}, {0x2, 0x5, {0x2, 0x3}}, {0x2, 0x5, {0x0, 0x1}}, {0x401, 0x2, {0x3, 0x3}}, {0x657f, 0xf5e, {0x1, 0x9}}, {0x8e59, 0x100, {0x3, 0x7ff}}, {0x9, 0x6, {0x0, 0xfff}}, {0x40, 0x80, {0x3, 0x8}}, {0x8, 0x6, {0x3, 0xfffffffe}}, {0x2, 0xd2b}, {0x9, 0x8, {0x2, 0x9}}, {0xfe0a, 0x1ff, {0x2}}, {0x8, 0xe, {0x0, 0x8}}, {0x7, 0x0, {0x1, 0x5e69}}, {0x4, 0x8, {0x1, 0x4}}, {0x0, 0x3, {0x2, 0x7ff000}}]}}}]}, 0x268}, 0x1, 0x0, 0x0, 0x48800}, 0x840) umount2(&(0x7f00000001c0)='./file0\x00', 0xc) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x800) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000010101870100000000000000000005"], 0x14}, 0x1, 0x0, 0x0, 0x10000880}, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.108' (ED25519) to the list of known hosts. [ 89.736621][ T5825] cgroup: Unknown subsys name 'net' [ 90.041007][ T5825] cgroup: Unknown subsys name 'cpuset' [ 90.076230][ T5825] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.106640][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.210403][ T992] cfg80211: failed to load regulatory.db [ 95.262324][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 95.276102][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 95.277344][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 95.279392][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 95.280446][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 95.281699][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 95.297903][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 95.300653][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 95.301675][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 95.303041][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 95.335459][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 95.337939][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 95.343025][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 95.343565][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 95.349282][ T5157] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 95.350652][ T5157] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 95.351231][ T5157] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 95.354400][ T5157] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 95.359065][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 95.362773][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 95.449459][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 95.475467][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 95.477358][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 95.478631][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 95.479756][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.497562][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 96.595148][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 96.612674][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 96.730489][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 96.755565][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 97.404904][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.407606][ T5846] Bluetooth: hci1: command tx timeout [ 97.407768][ T5846] Bluetooth: hci3: command tx timeout [ 97.416004][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.416759][ T5836] bridge_slave_0: entered allmulticast mode [ 97.425725][ T5836] bridge_slave_0: entered promiscuous mode [ 97.485698][ T5840] Bluetooth: hci2: command tx timeout [ 97.485891][ T5840] Bluetooth: hci0: command tx timeout [ 97.569753][ T5846] Bluetooth: hci4: command tx timeout [ 97.640416][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.640531][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.640733][ T5836] bridge_slave_1: entered allmulticast mode [ 97.642615][ T5836] bridge_slave_1: entered promiscuous mode [ 98.077124][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.077292][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.077487][ T5838] bridge_slave_0: entered allmulticast mode [ 98.080384][ T5838] bridge_slave_0: entered promiscuous mode [ 98.082131][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.082268][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.082447][ T5851] bridge_slave_0: entered allmulticast mode [ 98.084693][ T5851] bridge_slave_0: entered promiscuous mode [ 98.314047][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.314194][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.314398][ T5838] bridge_slave_1: entered allmulticast mode [ 98.324227][ T5838] bridge_slave_1: entered promiscuous mode [ 98.326535][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.326719][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.327323][ T5851] bridge_slave_1: entered allmulticast mode [ 98.330479][ T5851] bridge_slave_1: entered promiscuous mode [ 98.367946][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.368114][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.368341][ T5842] bridge_slave_0: entered allmulticast mode [ 98.371966][ T5842] bridge_slave_0: entered promiscuous mode [ 98.412501][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.412835][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.412974][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.413147][ T5837] bridge_slave_0: entered allmulticast mode [ 98.417708][ T5837] bridge_slave_0: entered promiscuous mode [ 98.672200][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.672349][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.672609][ T5842] bridge_slave_1: entered allmulticast mode [ 98.687540][ T5842] bridge_slave_1: entered promiscuous mode [ 98.699806][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.700475][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.700717][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.700932][ T5837] bridge_slave_1: entered allmulticast mode [ 98.719627][ T5837] bridge_slave_1: entered promiscuous mode [ 99.180333][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.198125][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.472096][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.479920][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.484700][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.490510][ T5836] team0: Port device team_slave_0 added [ 99.495682][ T5846] Bluetooth: hci3: command tx timeout [ 99.495714][ T5846] Bluetooth: hci1: command tx timeout [ 99.502312][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.565652][ T5840] Bluetooth: hci0: command tx timeout [ 99.565678][ T5846] Bluetooth: hci2: command tx timeout [ 99.646004][ T5846] Bluetooth: hci4: command tx timeout [ 99.670872][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.673391][ T5836] team0: Port device team_slave_1 added [ 99.678711][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.250070][ T5838] team0: Port device team_slave_0 added [ 100.252485][ T5851] team0: Port device team_slave_0 added [ 100.461267][ T5838] team0: Port device team_slave_1 added [ 100.464413][ T5851] team0: Port device team_slave_1 added [ 100.466955][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.466974][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.467004][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.472637][ T5842] team0: Port device team_slave_0 added [ 100.488794][ T5837] team0: Port device team_slave_0 added [ 100.649087][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.649105][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.649133][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.652121][ T5842] team0: Port device team_slave_1 added [ 100.655312][ T5837] team0: Port device team_slave_1 added [ 101.065597][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.065611][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.065630][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.208525][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.208546][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.208574][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.398951][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.398970][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.398999][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.403419][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.403438][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.403467][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.405173][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.405187][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.405215][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.412505][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.412525][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.412558][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.565573][ T5846] Bluetooth: hci1: command tx timeout [ 101.565606][ T5846] Bluetooth: hci3: command tx timeout [ 101.571063][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.571083][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.571114][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.573083][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.573100][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.573130][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.645660][ T5840] Bluetooth: hci2: command tx timeout [ 101.645669][ T5846] Bluetooth: hci0: command tx timeout [ 101.725825][ T5840] Bluetooth: hci4: command tx timeout [ 101.729770][ T5836] hsr_slave_0: entered promiscuous mode [ 101.731463][ T5836] hsr_slave_1: entered promiscuous mode [ 102.205072][ T5838] hsr_slave_0: entered promiscuous mode [ 102.212613][ T5838] hsr_slave_1: entered promiscuous mode [ 102.213706][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 102.213801][ T5838] Cannot create hsr debugfs directory [ 102.313741][ T5851] hsr_slave_0: entered promiscuous mode [ 102.314681][ T5851] hsr_slave_1: entered promiscuous mode [ 102.316905][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 102.316933][ T5851] Cannot create hsr debugfs directory [ 102.573164][ T5837] hsr_slave_0: entered promiscuous mode [ 102.574110][ T5837] hsr_slave_1: entered promiscuous mode [ 102.574805][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 102.574828][ T5837] Cannot create hsr debugfs directory [ 102.598830][ T5842] hsr_slave_0: entered promiscuous mode [ 102.600789][ T5842] hsr_slave_1: entered promiscuous mode [ 102.601725][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 102.601751][ T5842] Cannot create hsr debugfs directory [ 103.645700][ T5840] Bluetooth: hci3: command tx timeout [ 103.645736][ T5840] Bluetooth: hci1: command tx timeout [ 103.725565][ T5846] Bluetooth: hci2: command tx timeout [ 103.725601][ T5846] Bluetooth: hci0: command tx timeout [ 103.805770][ T5840] Bluetooth: hci4: command tx timeout [ 104.398065][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 104.429730][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 104.468943][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 104.521421][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 104.658356][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 104.698627][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 104.742233][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 104.793676][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 104.962267][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 104.998363][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.033583][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.123159][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 105.301873][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 105.361000][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 105.414930][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 105.459785][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.584034][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.665009][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 105.712632][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 105.751209][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 105.791325][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 105.842323][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.894899][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.895604][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.952065][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.952224][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.001087][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.125365][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.202019][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.222029][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.222265][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.267876][ T1490] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.268006][ T1490] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.353677][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.403425][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.454526][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.454753][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.494650][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.494861][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.661913][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.694810][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.731104][ T4280] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.731379][ T4280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.807846][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.808001][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.897580][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.936691][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.952546][ T796] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.953361][ T796] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.041032][ T3131] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.041185][ T3131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.375047][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.483656][ T5836] veth0_vlan: entered promiscuous mode [ 107.576647][ T5836] veth1_vlan: entered promiscuous mode [ 107.681289][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.799720][ T5838] veth0_vlan: entered promiscuous mode [ 107.854238][ T5836] veth0_macvtap: entered promiscuous mode [ 107.870708][ T5838] veth1_vlan: entered promiscuous mode [ 107.904737][ T5836] veth1_macvtap: entered promiscuous mode [ 107.933045][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.022057][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.049082][ T5837] veth0_vlan: entered promiscuous mode [ 108.067585][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.123293][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.145746][ T67] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.152480][ T5837] veth1_vlan: entered promiscuous mode [ 108.154484][ T67] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.180331][ T5838] veth0_macvtap: entered promiscuous mode [ 108.186554][ T67] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.209153][ T67] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.250948][ T5838] veth1_macvtap: entered promiscuous mode [ 108.435757][ T5851] veth0_vlan: entered promiscuous mode [ 108.542254][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.628476][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.629415][ T5851] veth1_vlan: entered promiscuous mode [ 108.693947][ T5837] veth0_macvtap: entered promiscuous mode [ 108.743231][ T796] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.748794][ T5837] veth1_macvtap: entered promiscuous mode [ 108.753675][ T796] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.763204][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.763232][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.791515][ T796] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.822675][ T796] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.004842][ T3587] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.004865][ T3587] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.031266][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.169822][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.170851][ T5851] veth0_macvtap: entered promiscuous mode [ 109.260653][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.286891][ T5851] veth1_macvtap: entered promiscuous mode [ 109.310053][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.346724][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.349685][ T5842] veth0_vlan: entered promiscuous mode [ 109.359375][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.359399][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.373417][ T3131] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.556904][ T5842] veth1_vlan: entered promiscuous mode [ 109.601609][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.601633][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.630392][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.756789][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.892716][ T3587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.909265][ T3587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.921946][ T3587] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.947030][ T5962] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 109.976909][ T3587] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.982324][ T1516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.982347][ T1516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.114964][ T5842] veth0_macvtap: entered promiscuous mode [ 110.173079][ T5965] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.190762][ T5965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6'. [ 110.393794][ T5965] syz_tun: entered promiscuous mode [ 110.531453][ T5842] veth1_macvtap: entered promiscuous mode [ 110.544299][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.544319][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.878824][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.954478][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.143547][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.175931][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.175954][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.177045][ T3131] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.180547][ T3131] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.181149][ T3131] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.451656][ T5971] binder_alloc: 5970: pid 5970 spamming oneway? 1 buffers allocated for a total size of 4096 [ 111.463270][ T5971] binder_alloc: 5970: pid 5970 spamming oneway? 2 buffers allocated for a total size of 5120 [ 111.816777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 111.839952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 111.845627][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 111.933954][ T796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.933971][ T796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.955845][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.145036][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.145089][ T9] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 112.179736][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 112.179769][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.179790][ T9] usb 2-1: Product: syz [ 112.179804][ T9] usb 2-1: Manufacturer: syz [ 112.179818][ T9] usb 2-1: SerialNumber: syz [ 112.425849][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.425927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.426103][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.694339][ T5971] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 112.855446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 112.935105][ T9] cdc_ncm 2-1:1.0: bind() failure [ 113.047161][ T9] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 113.048105][ T9] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 113.051405][ T9] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 113.152262][ T9] usb 2-1: USB disconnect, device number 2 [ 113.285480][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.285911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.286417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.491539][ T3131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.491557][ T3131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.267883][ T44] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 114.288517][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.288532][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 114.435263][ T44] usb 2-1: config 5 has an invalid interface number: 3 but max is 0 [ 114.435292][ T44] usb 2-1: config 5 has no interface number 0 [ 114.452141][ T44] usb 2-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 114.452174][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.452195][ T44] usb 2-1: Product: syz [ 114.452210][ T44] usb 2-1: Manufacturer: syz [ 114.452226][ T44] usb 2-1: SerialNumber: syz [ 114.582114][ T44] ftdi_sio 2-1:5.3: FTDI USB Serial Device converter detected [ 114.584458][ T44] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 114.763210][ T5981] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8'. [ 114.780347][ T5981] erspan0: entered promiscuous mode [ 114.780381][ T5981] erspan0: entered allmulticast mode [ 117.118395][ T44] usb 2-1: USB disconnect, device number 3 [ 117.219195][ T44] ftdi_sio 2-1:5.3: device disconnected [ 117.573502][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036c1f000: rx timeout, send abort [ 117.575570][ C0] vcan0: j1939_tp_rxtimer: 0xffff888036c1f400: rx timeout, send abort [ 117.575850][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888036c1f000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 117.576877][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888036c1f400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 126.239193][ T6079] input: syz1 as /devices/virtual/input/input5 [ 126.463114][ T6078] netlink: 'syz.3.22': attribute type 1 has an invalid length. [ 127.995849][ T10] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 131.784373][ T6128] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6tnl0, syncid = 3, id = 0 [ 132.562522][ T6122] mmap: syz.0.29 (6122) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 134.243425][ T6156] netlink: 'syz.4.40': attribute type 7 has an invalid length. [ 134.243449][ T6156] netlink: 'syz.4.40': attribute type 8 has an invalid length. [ 134.700304][ T6163] tun0: tun_chr_ioctl cmd 1074025675 [ 134.700321][ T6163] tun0: persist enabled [ 134.700454][ T6163] tun0: tun_chr_ioctl cmd 1074025675 [ 134.700465][ T6163] tun0: persist disabled [ 134.867808][ T6163] netlink: 'syz.2.43': attribute type 1 has an invalid length. [ 134.867824][ T6163] netlink: 'syz.2.43': attribute type 2 has an invalid length. [ 134.876365][ T6163] Zero length message leads to an empty skb [ 135.265548][ T44] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 135.441977][ T44] usb 3-1: config 86 has an invalid interface number: 125 but max is 1 [ 135.442007][ T44] usb 3-1: config 86 has an invalid interface descriptor of length 5, skipping [ 135.442027][ T44] usb 3-1: config 86 has 1 interface, different from the descriptor's value: 2 [ 135.442048][ T44] usb 3-1: config 86 has no interface number 0 [ 135.442103][ T44] usb 3-1: config 86 interface 125 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 135.442123][ T44] usb 3-1: config 86 interface 125 has no altsetting 0 [ 135.448703][ T44] usb 3-1: New USB device found, idVendor=0bb4, idProduct=0a44, bcdDevice= a.45 [ 135.448739][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.448760][ T44] usb 3-1: Product: 쟣蝖驢趫噑놵秷묮年⧲凉섢肁晒籨膿Ꭵ熡穆밒⬫ର⸣鏗襥ᛤ⛡璺墫攘Ɯ䊝箰쇊㵒 [ 135.448791][ T44] usb 3-1: Manufacturer: 笌↏밠面㐉贩㨟⧨Ꭳ녢錙텋꫎뵸﹈鎠렊│₷骑㦤㹘뎩⪲ﺊꞄ靴ꍿ㼘랾 [ 135.448813][ T44] usb 3-1: SerialNumber: 뇩䭕넞붙벻輭Ȃ䓊蜎샄灈엂Ꮅ錅暑웟쓅㌢陋훇鰴谻⾭꧉琔棝굒㮑匷績둴ᨽ═㮺ハ [ 135.859933][ T44] usb 3-1: USB disconnect, device number 2 [ 135.909283][ T5986] udevd[5986]: setting mode of /dev/bus/usb/003/002 to 020664 failed: No such file or directory [ 135.909496][ T5986] udevd[5986]: setting owner of /dev/bus/usb/003/002 to uid=0, gid=0 failed: No such file or directory [ 137.208408][ T6180] tipc: Started in network mode [ 137.208442][ T6180] tipc: Node identity 320981a2aef7, cluster identity 4711 [ 137.212060][ T6180] tipc: Enabled bearer , priority 0 [ 137.212780][ T6180] syzkaller0: entered promiscuous mode [ 137.212798][ T6180] syzkaller0: entered allmulticast mode [ 137.536950][ T6182] tipc: Resetting bearer [ 137.622278][ T6179] tipc: Resetting bearer [ 137.906643][ T6179] tipc: Disabling bearer [ 138.303652][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.303756][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.315768][ T37] audit: type=1326 audit(1759017471.605:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6202 comm="syz.4.58" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe9d54eec9 code=0x0 [ 138.380274][ T6206] netlink: 92 bytes leftover after parsing attributes in process `syz.4.58'. [ 138.380310][ T6206] netlink: 56 bytes leftover after parsing attributes in process `syz.4.58'. [ 138.443670][ T6207] kAFS: unable to lookup cell '' [ 138.573443][ T6210] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11) [ 138.573471][ T6210] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 138.620047][ T6210] vhci_hcd vhci_hcd.0: Device attached [ 138.642793][ T6213] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(13) [ 138.642824][ T6213] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 138.642879][ T6213] vhci_hcd vhci_hcd.0: Device attached [ 138.678947][ T6196] syz.1.56 (6196) used greatest stack depth: 18008 bytes left [ 138.753942][ T6210] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(16) [ 138.753974][ T6210] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 138.774383][ T6210] vhci_hcd vhci_hcd.0: Device attached [ 138.776765][ T6210] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 138.823569][ T6210] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(20) [ 138.823598][ T6210] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 138.823696][ T6210] vhci_hcd vhci_hcd.0: Device attached [ 138.855885][ T10] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 138.866842][ T6210] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(22) [ 138.866877][ T6210] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 138.866985][ T6210] vhci_hcd vhci_hcd.0: Device attached [ 138.895628][ T6210] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 139.040328][ T6221] vhci_hcd: connection closed [ 139.045611][ T6218] vhci_hcd: connection closed [ 139.054071][ T6214] vhci_hcd: connection closed [ 139.054145][ T67] vhci_hcd: stop threads [ 139.054756][ T67] vhci_hcd: release socket [ 139.102524][ T67] vhci_hcd: disconnect device [ 139.110507][ T67] vhci_hcd: stop threads [ 139.110526][ T67] vhci_hcd: release socket [ 139.110605][ T67] vhci_hcd: disconnect device [ 139.110763][ T67] vhci_hcd: stop threads [ 139.110772][ T67] vhci_hcd: release socket [ 139.110833][ T67] vhci_hcd: disconnect device [ 139.154811][ T6211] vhci_hcd: connection reset by peer [ 139.161871][ T67] vhci_hcd: stop threads [ 139.161890][ T67] vhci_hcd: release socket [ 139.163081][ T67] vhci_hcd: disconnect device [ 139.215420][ T6224] vhci_hcd: connection closed [ 139.215721][ T796] vhci_hcd: stop threads [ 139.215739][ T796] vhci_hcd: release socket [ 139.215813][ T796] vhci_hcd: disconnect device [ 140.913925][ T9] IPVS: starting estimator thread 0... [ 141.005933][ T6264] IPVS: using max 10 ests per chain, 24000 per kthread [ 141.155649][ T5930] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 141.285662][ T5930] usb 4-1: device descriptor read/64, error -71 [ 141.557129][ T5930] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 141.726956][ T5930] usb 4-1: device descriptor read/64, error -71 [ 141.840195][ T5930] usb usb4-port1: attempt power cycle [ 141.875585][ T44] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 142.027676][ T44] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 142.027724][ T44] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.027743][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.027761][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 142.027779][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 142.027809][ T44] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 142.027826][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.129172][ T44] usb 2-1: config 0 descriptor?? [ 142.170243][ T6270] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 142.276986][ T5930] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 142.311639][ T5930] usb 4-1: device descriptor read/8, error -71 [ 142.545648][ T5930] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 142.572098][ T5930] usb 4-1: device descriptor read/8, error -71 [ 142.674827][ T44] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd [ 142.689314][ T5930] usb usb4-port1: unable to enumerate USB device [ 142.848717][ T44] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 143.147803][ T5930] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 143.173622][ T6269] delete_channel: no stack [ 143.184976][ T5929] usb 2-1: USB disconnect, device number 4 [ 143.236484][ T5930] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 143.456558][ T6284] fido_id[6284]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 143.985911][ T10] vhci_hcd: vhci_device speed not set [ 144.835557][ T5929] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 144.985574][ T5929] usb 5-1: Using ep0 maxpacket: 32 [ 144.994959][ T5929] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 144.994987][ T5929] usb 5-1: config 0 has no interfaces? [ 144.995019][ T5929] usb 5-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e [ 144.995043][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.054125][ T5929] usb 5-1: config 0 descriptor?? [ 145.238209][ T6308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.91'. [ 145.282200][ T5930] usb 5-1: USB disconnect, device number 2 [ 145.689561][ T6313] netlink: 'syz.2.94': attribute type 5 has an invalid length. [ 146.257658][ T6330] netlink: 68 bytes leftover after parsing attributes in process `syz.1.101'. [ 146.299869][ T10] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 146.463906][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 146.463935][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 146.463990][ T10] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 146.464015][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.547425][ T10] usb 3-1: config 0 descriptor?? [ 146.610821][ T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 146.611197][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 146.727770][ T10] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 146.731423][ T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 146.731512][ T10] usb 3-1: media controller created [ 146.802661][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 146.829134][ T6325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.836309][ T6325] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.944698][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 146.944821][ T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 146.946062][ T6274] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 146.988481][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7 [ 147.032025][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 147.032052][ T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 147.057201][ T10] usb 3-1: USB disconnect, device number 3 [ 147.108304][ T6274] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 147.108366][ T6274] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 147.108391][ T6274] usb 2-1: config 0 interface 0 has no altsetting 0 [ 147.118615][ T6274] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 147.118650][ T6274] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 147.118676][ T6274] usb 2-1: Product: syz [ 147.118694][ T6274] usb 2-1: Manufacturer: syz [ 147.118709][ T6274] usb 2-1: SerialNumber: syz [ 147.177793][ T5913] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 147.203567][ T6274] usb 2-1: config 0 descriptor?? [ 147.304883][ T6274] hub 2-1:0.0: bad descriptor, ignoring hub [ 147.304925][ T6274] hub 2-1:0.0: probe with driver hub failed with error -5 [ 147.343660][ T6274] usb 2-1: selecting invalid altsetting 0 [ 147.345578][ T5913] usb 5-1: Using ep0 maxpacket: 32 [ 147.367644][ T5913] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 147.367677][ T5913] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 147.367698][ T5913] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 147.367753][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.367777][ T5913] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 147.367803][ T5913] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 147.367848][ T5913] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 147.367871][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.529722][ T6350] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 147.560979][ T5913] usb 5-1: config 0 descriptor?? [ 147.875080][ T5913] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 147.914533][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 148.018391][ T5913] usb 5-1: USB disconnect, device number 3 [ 148.107115][ T6361] netlink: 12 bytes leftover after parsing attributes in process `syz.2.112'. [ 148.107233][ T6361] netlink: 20 bytes leftover after parsing attributes in process `syz.2.112'. [ 148.424772][ T5913] usblp0: removed [ 148.886914][ T5913] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 149.027244][ T6274] usb 2-1: reset high-speed USB device number 5 using dummy_hcd [ 149.046148][ T5913] usb 5-1: Using ep0 maxpacket: 32 [ 149.051945][ T5913] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 149.051975][ T5913] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 149.051997][ T5913] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 149.052052][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 149.052075][ T5913] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 149.052108][ T5913] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 149.052152][ T5913] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 149.052177][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.193399][ T5913] usb 5-1: config 0 descriptor?? [ 149.365589][ T6274] usb 2-1: device descriptor read/64, error -71 [ 149.457455][ T5913] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 149.635650][ T6274] usb 2-1: reset high-speed USB device number 5 using dummy_hcd [ 149.731752][ T31] usb 5-1: USB disconnect, device number 4 [ 149.820498][ T31] usblp0: removed [ 150.671869][ T6389] syz.0.120 uses obsolete (PF_INET,SOCK_PACKET) [ 150.764677][ T6274] usb 2-1: USB disconnect, device number 5 [ 151.303285][ T6392] syz.0.120 (6392) used greatest stack depth: 16760 bytes left [ 151.389861][ T6397] process 'syz.2.124' launched '/dev/fd/3' with NULL argv: empty string added [ 151.947949][ T5977] udevd[5977]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 152.318649][ T6410] netlink: 'syz.2.129': attribute type 16 has an invalid length. [ 152.318674][ T6410] netlink: 'syz.2.129': attribute type 17 has an invalid length. [ 152.414825][ T6409] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.428545][ T6409] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.799932][ T6410] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 152.931271][ T6421] tipc: Started in network mode [ 152.931302][ T6421] tipc: Node identity baebb9aa46cf, cluster identity 4711 [ 152.931515][ T6421] tipc: Enabled bearer , priority 0 [ 152.992556][ T6423] syzkaller0: entered promiscuous mode [ 152.992588][ T6423] syzkaller0: entered allmulticast mode [ 153.395185][ T6421] tipc: Resetting bearer [ 153.400957][ T6417] syzkaller1: entered promiscuous mode [ 153.400994][ T6417] syzkaller1: entered allmulticast mode [ 153.948381][ T6274] tipc: Node number set to 4230265258 [ 154.243853][ T6413] tipc: Resetting bearer [ 154.577366][ T6413] tipc: Disabling bearer [ 158.857316][ T6490] netlink: 'syz.0.153': attribute type 16 has an invalid length. [ 158.857340][ T6490] netlink: 'syz.0.153': attribute type 17 has an invalid length. [ 159.038794][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.3.154'. [ 159.038816][ T6494] netlink: 'syz.3.154': attribute type 7 has an invalid length. [ 159.135165][ T6490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 159.666903][ T6500] netlink: 'syz.0.157': attribute type 10 has an invalid length. [ 160.005582][ T31] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 160.206896][ T6500] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 160.213589][ T31] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 160.213624][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 160.213652][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 160.213675][ T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 160.213720][ T31] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 160.213743][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.259088][ T31] usb 4-1: config 0 descriptor?? [ 160.397910][ T796] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.397927][ T796] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.797581][ T31] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 160.846203][ T31] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 161.319234][ T6513] tipc: Started in network mode [ 161.319247][ T6513] tipc: Node identity , cluster identity 4711 [ 161.319258][ T6513] tipc: Failed to obtain node identity [ 161.319278][ T6513] tipc: Enabling of bearer rejected, failed to enable media [ 161.320192][ T6513] syzkaller0: entered promiscuous mode [ 161.320210][ T6513] syzkaller0: entered allmulticast mode [ 162.446096][ T6527] netlink: 'syz.1.168': attribute type 16 has an invalid length. [ 162.446120][ T6527] netlink: 'syz.1.168': attribute type 17 has an invalid length. [ 162.554903][ T6527] erspan0: left promiscuous mode [ 162.554936][ T6527] erspan0: left allmulticast mode [ 162.805165][ T6532] af_packet: tpacket_rcv: packet too big, clamped from 28 to 4294967272. macoff=96 [ 162.838875][ T6527] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 162.920059][ T5930] usb 4-1: USB disconnect, device number 6 [ 163.074715][ T6538] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 163.074743][ T6538] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 163.095994][ T6044] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 163.248154][ T6044] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 163.248185][ T6044] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 163.248206][ T6044] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 163.248260][ T6044] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 163.248354][ T6044] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 163.252892][ T6044] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 163.252924][ T6044] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 163.252946][ T6044] usb 1-1: Product: syz [ 163.252961][ T6044] usb 1-1: Manufacturer: syz [ 163.401311][ T6044] cdc_wdm 1-1:1.0: skipping garbage [ 163.401332][ T6044] cdc_wdm 1-1:1.0: skipping garbage [ 163.454943][ T6044] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 163.454978][ T6044] cdc_wdm 1-1:1.0: Unknown control protocol [ 166.903699][ T6274] usb 1-1: USB disconnect, device number 3 [ 167.624388][ T6576] netlink: 'syz.0.184': attribute type 16 has an invalid length. [ 167.624409][ T6576] netlink: 'syz.0.184': attribute type 17 has an invalid length. [ 167.871831][ T6576] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.708010][ T6629] netlink: 'syz.4.201': attribute type 16 has an invalid length. [ 172.708032][ T6629] netlink: 'syz.4.201': attribute type 17 has an invalid length. [ 173.124778][ T6629] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 173.132327][ T6633] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 173.996841][ T6274] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 174.148224][ T6274] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 174.148251][ T6274] usb 5-1: config 0 has no interfaces? [ 174.148283][ T6274] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 174.148307][ T6274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.222483][ T6274] usb 5-1: config 0 descriptor?? [ 174.649724][ T6655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.650838][ T6655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.151202][ T6274] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 176.357639][ T6274] usb 4-1: unable to get BOS descriptor or descriptor too short [ 176.360224][ T6274] usb 4-1: config 127 has an invalid interface number: 106 but max is 0 [ 176.360253][ T6274] usb 4-1: config 127 has no interface number 0 [ 176.360305][ T6274] usb 4-1: config 127 interface 106 altsetting 8 endpoint 0xF has invalid wMaxPacketSize 0 [ 176.360329][ T6274] usb 4-1: config 127 interface 106 has no altsetting 0 [ 176.422358][ T6274] usb 4-1: string descriptor 0 read error: -22 [ 176.422547][ T6274] usb 4-1: New USB device found, idVendor=0403, idProduct=e80a, bcdDevice= 0.b8 [ 176.422572][ T6274] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.461328][ T6274] ftdi_sio 4-1:127.106: FTDI USB Serial Device converter detected [ 176.462605][ T6274] usb 4-1: Detected SIO [ 176.462617][ T6274] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 15 [ 176.487024][ T6274] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 177.435057][ T6679] netlink: 'syz.2.215': attribute type 16 has an invalid length. [ 177.435074][ T6679] netlink: 'syz.2.215': attribute type 17 has an invalid length. [ 177.510918][ T6679] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 179.729540][ T5930] usb 4-1: USB disconnect, device number 7 [ 179.856626][ T5913] usb 5-1: USB disconnect, device number 5 [ 179.879218][ T5930] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 179.915750][ T5930] ftdi_sio 4-1:127.106: device disconnected [ 180.392321][ T6707] netlink: 'syz.1.226': attribute type 16 has an invalid length. [ 180.392348][ T6707] netlink: 'syz.1.226': attribute type 17 has an invalid length. [ 180.653612][ T6710] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.673987][ T6710] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.595539][ T6707] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 185.252756][ T6766] netlink: 'syz.3.245': attribute type 16 has an invalid length. [ 185.252779][ T6766] netlink: 'syz.3.245': attribute type 17 has an invalid length. [ 185.502264][ T6762] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.537418][ T6762] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.075621][ T6766] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 186.886028][ T6802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.262'. [ 187.122015][ T6805] binder_alloc: 6804: pid 6804 spamming oneway? 1 buffers allocated for a total size of 4096 [ 187.540325][ T6812] netlink: 'syz.2.266': attribute type 16 has an invalid length. [ 187.540349][ T6812] netlink: 'syz.2.266': attribute type 17 has an invalid length. [ 187.687001][ T6812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 188.087647][ T6822] bond_slave_0: entered promiscuous mode [ 188.087710][ T6822] bond_slave_1: entered promiscuous mode [ 188.095861][ T6822] vlan2: entered promiscuous mode [ 188.095886][ T6822] bond0: entered promiscuous mode [ 188.523829][ T6831] netlink: 12 bytes leftover after parsing attributes in process `syz.4.274'. [ 188.726877][ T6833] binder_alloc: 6832: pid 6832 spamming oneway? 1 buffers allocated for a total size of 4096 [ 190.345980][ T6861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.288'. [ 191.796617][ T6888] netlink: 12 bytes leftover after parsing attributes in process `syz.2.301'. [ 193.056613][ T6915] netlink: 12 bytes leftover after parsing attributes in process `syz.1.313'. [ 194.116691][ T6934] netlink: 188 bytes leftover after parsing attributes in process `syz.1.318'. [ 194.484007][ T6935] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[6935] [ 194.867942][ T37] audit: type=1326 audit(1759017528.155:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6903 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ee6eec9 code=0x7ffc0000 [ 194.995559][ T37] audit: type=1326 audit(1759017528.225:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6903 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb58ee6eec9 code=0x7ffc0000 [ 196.237397][ T6951] 9pnet_fd: Insufficient options for proto=fd [ 196.613289][ T6955] netlink: 12 bytes leftover after parsing attributes in process `syz.2.325'. [ 198.293712][ T6979] 9pnet_fd: Insufficient options for proto=fd [ 198.345995][ T6980] netlink: 'syz.2.334': attribute type 16 has an invalid length. [ 198.346029][ T6980] netlink: 'syz.2.334': attribute type 17 has an invalid length. [ 198.677681][ T6980] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 199.734084][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.734398][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.112922][ T7010] vxcan1: tx address claim with different name [ 200.854718][ T7021] netlink: 'syz.4.353': attribute type 16 has an invalid length. [ 200.854742][ T7021] netlink: 'syz.4.353': attribute type 17 has an invalid length. [ 201.062724][ T7021] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 201.718242][ T7034] tun0: tun_chr_ioctl cmd 1074025675 [ 201.718265][ T7034] tun0: persist enabled [ 201.718485][ T7034] tun0: tun_chr_ioctl cmd 1074025675 [ 201.718500][ T7034] tun0: persist disabled [ 201.728552][ T7030] netlink: 'syz.2.357': attribute type 1 has an invalid length. [ 201.728577][ T7030] netlink: 'syz.2.357': attribute type 2 has an invalid length. [ 203.203895][ T7055] netlink: 'syz.3.367': attribute type 16 has an invalid length. [ 203.203918][ T7055] netlink: 'syz.3.367': attribute type 17 has an invalid length. [ 203.314794][ T7055] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 203.452926][ T7058] binder: BINDER_SET_CONTEXT_MGR already set [ 203.452943][ T7058] binder: 7057:7058 ioctl 4018620d 200000000040 returned -16 [ 204.642938][ T7086] netlink: 'syz.3.381': attribute type 16 has an invalid length. [ 204.642962][ T7086] netlink: 'syz.3.381': attribute type 17 has an invalid length. [ 204.895718][ T7086] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 204.975540][ T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 205.145534][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 205.151739][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 205.151791][ T10] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 205.151816][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.182033][ T10] usb 5-1: config 0 descriptor?? [ 205.636815][ T10] elecom 0003:056E:00FE.0004: item fetching failed at offset 2/5 [ 205.637555][ T10] elecom 0003:056E:00FE.0004: probe with driver elecom failed with error -22 [ 206.851055][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851095][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851122][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851149][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851185][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851212][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851238][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851265][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851291][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.851317][ T5929] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 206.952837][ T7115] ptrace attach of "./syz-executor exec"[5851] was attempted by "./syz-executor exec"[7115] [ 206.986565][ T5929] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.03 Device [syz1] on syz1 [ 207.197634][ T37] audit: type=1326 audit(1759017540.485:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197691][ T37] audit: type=1326 audit(1759017540.485:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197738][ T37] audit: type=1326 audit(1759017540.495:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197783][ T37] audit: type=1326 audit(1759017540.495:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197839][ T37] audit: type=1326 audit(1759017540.495:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197889][ T37] audit: type=1326 audit(1759017540.495:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197938][ T37] audit: type=1326 audit(1759017540.495:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.197985][ T37] audit: type=1326 audit(1759017540.495:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.198037][ T37] audit: type=1326 audit(1759017540.495:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.198085][ T37] audit: type=1326 audit(1759017540.495:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7088 comm="syz.0.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bf2eec9 code=0x7ffc0000 [ 207.656222][ T7120] fido_id[7120]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 207.715888][ T5930] usb 5-1: USB disconnect, device number 6 [ 208.890468][ T7155] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.896202][ T7155] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.945614][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.009566][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.090471][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.139347][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.159524][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.253437][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.307389][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.562117][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.626123][ C0] vkms_vblank_simulate: vblank timer overrun [ 210.959697][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.030891][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.123323][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.210622][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.290322][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.325280][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.359350][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.418912][ C0] vkms_vblank_simulate: vblank timer overrun [ 211.508857][ C0] vkms_vblank_simulate: vblank timer overrun [ 212.606561][ C0] vcan0: j1939_tp_rxtimer: 0xffff888031627c00: rx timeout, send abort [ 212.606672][ C0] vcan0: j1939_tp_rxtimer: 0xffff888031626000: rx timeout, send abort [ 212.606804][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888031627c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 212.606917][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888031626000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 213.292666][ T7203] tun0: tun_chr_ioctl cmd 1074025675 [ 213.292690][ T7203] tun0: persist enabled [ 213.292892][ T7203] tun0: tun_chr_ioctl cmd 1074025675 [ 213.292907][ T7203] tun0: persist disabled [ 213.352730][ T7203] netlink: 'syz.4.430': attribute type 1 has an invalid length. [ 213.352753][ T7203] netlink: 'syz.4.430': attribute type 2 has an invalid length. [ 213.725563][ T5913] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 213.900364][ T5913] usb 5-1: config 86 has an invalid interface number: 125 but max is 1 [ 213.900394][ T5913] usb 5-1: config 86 has an invalid interface descriptor of length 5, skipping [ 213.900414][ T5913] usb 5-1: config 86 has 1 interface, different from the descriptor's value: 2 [ 213.900437][ T5913] usb 5-1: config 86 has no interface number 0 [ 213.900489][ T5913] usb 5-1: config 86 interface 125 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 213.900517][ T5913] usb 5-1: config 86 interface 125 has no altsetting 0 [ 213.918656][ T5913] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a44, bcdDevice= a.45 [ 213.918694][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.918718][ T5913] usb 5-1: Product: 쟣蝖驢趫噑놵秷묮年⧲凉섢肁晒籨膿Ꭵ熡穆밒⬫ର⸣鏗襥ᛤ⛡璺墫攘Ɯ䊝箰쇊㵒 [ 213.918742][ T5913] usb 5-1: Manufacturer: 笌↏밠面㐉贩㨟⧨Ꭳ녢錙텋꫎뵸﹈鎠렊│₷骑㦤㹘뎩⪲ﺊꞄ靴ꍿ㼘랾 [ 213.918765][ T5913] usb 5-1: SerialNumber: 뇩䭕넞붙벻輭Ȃ䓊蜎샄灈엂Ꮅ錅暑웟쓅㌢陋훇鰴谻⾭꧉琔棝굒㮑匷績둴ᨽ═㮺ハ [ 214.251659][ T5913] usb 5-1: USB disconnect, device number 7 [ 214.479723][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.570146][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.618053][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.690444][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.724288][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.774376][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.828310][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.856340][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.958662][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.041725][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.099154][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.128502][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.157571][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.211081][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.325171][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.380039][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.490390][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.547997][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.599125][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.710490][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.762570][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.813368][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.840436][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.976034][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.027717][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.078528][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.130944][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.156988][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.244672][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.327715][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.356737][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.417099][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.673576][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.724811][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.777561][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.852785][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.883179][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.932433][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.982212][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.032025][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.083627][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.106882][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.145198][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.219752][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.971925][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880335fbc00: rx timeout, send abort [ 218.085421][ T7258] netlink: 'syz.4.451': attribute type 1 has an invalid length. [ 218.085441][ T7258] netlink: 'syz.4.451': attribute type 2 has an invalid length. [ 218.109406][ T7263] binder_alloc: 7261: binder_alloc_buf, no vma [ 218.472006][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880335fbc00: abort rx timeout. Force session deactivation [ 218.485556][ T5826] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 218.778132][ T5826] usb 5-1: config 86 has an invalid interface number: 125 but max is 1 [ 218.778162][ T5826] usb 5-1: config 86 has an invalid interface descriptor of length 5, skipping [ 218.778183][ T5826] usb 5-1: config 86 has 1 interface, different from the descriptor's value: 2 [ 218.778206][ T5826] usb 5-1: config 86 has no interface number 0 [ 218.778262][ T5826] usb 5-1: config 86 interface 125 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 218.778291][ T5826] usb 5-1: config 86 interface 125 has no altsetting 0 [ 218.781379][ T5826] usb 5-1: New USB device found, idVendor=0bb4, idProduct=0a44, bcdDevice= a.45 [ 218.781407][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.781428][ T5826] usb 5-1: Product: 쟣蝖驢趫噑놵秷묮年⧲凉섢肁晒籨膿Ꭵ熡穆밒⬫ର⸣鏗襥ᛤ⛡璺墫攘Ɯ䊝箰쇊㵒 [ 218.781449][ T5826] usb 5-1: Manufacturer: 笌↏밠面㐉贩㨟⧨Ꭳ녢錙텋꫎뵸﹈鎠렊│₷骑㦤㹘뎩⪲ﺊꞄ靴ꍿ㼘랾 [ 218.781470][ T5826] usb 5-1: SerialNumber: 뇩䭕넞붙벻輭Ȃ䓊蜎샄灈엂Ꮅ錅暑웟쓅㌢陋훇鰴谻⾭꧉琔棝굒㮑匷績둴ᨽ═㮺ハ [ 219.218338][ T5826] usb 5-1: USB disconnect, device number 8 [ 219.457111][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.767739][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.058435][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.251066][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.438842][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.479136][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.521993][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.587827][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.606782][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.692216][ C0] vkms_vblank_simulate: vblank timer overrun [ 220.911349][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.485780][ T5913] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 221.640340][ T7287] binder_alloc: 7286: binder_alloc_buf, no vma [ 221.668041][ T5913] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 221.668071][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.668092][ T5913] usb 4-1: config 0 has no interface number 0 [ 221.668141][ T5913] usb 4-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 221.668166][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.757660][ T5913] usb 4-1: config 0 descriptor?? [ 221.962608][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805cfc7c00: rx timeout, send abort [ 221.962780][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805cfc5c00: rx timeout, send abort [ 221.962982][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cfc7c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 221.964786][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cfc5c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 222.188470][ T7302] 9pnet_fd: Insufficient options for proto=fd [ 222.301212][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 222.301256][ T5845] Bluetooth: hci1: command 0x0406 tx timeout [ 222.301283][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 222.301309][ T5845] Bluetooth: hci2: command 0x0406 tx timeout [ 222.301335][ T5845] Bluetooth: hci4: command 0x0406 tx timeout [ 222.932234][ T7320] netlink: 12 bytes leftover after parsing attributes in process `syz.1.471'. [ 223.209787][ T7324] binder: BINDER_SET_CONTEXT_MGR already set [ 223.209798][ T7324] binder: 7322:7324 ioctl 4018620d 200000000040 returned -16 [ 223.897954][ T9] usb 4-1: USB disconnect, device number 8 [ 226.815329][ C0] vcan0: j1939_tp_rxtimer: 0xffff888039832800: rx timeout, send abort [ 226.815515][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805db23400: rx timeout, send abort [ 226.815823][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888039832800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 226.815971][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805db23400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 227.869692][ T7368] kAFS: No cell specified [ 228.223933][ T7376] netlink: 'syz.4.494': attribute type 16 has an invalid length. [ 228.223956][ T7376] netlink: 'syz.4.494': attribute type 17 has an invalid length. [ 228.355729][ T7376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 229.015570][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 229.315138][ T10] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 229.315188][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 229.315205][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.452745][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 229.711791][ T7387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.753006][ T7387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.758192][ T7387] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 229.792857][ T7391] kAFS: No cell specified [ 229.988914][ T10] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 230.038990][ T10] usb 5-1: USB disconnect, device number 9 [ 230.595583][ T6044] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 230.751278][ T6044] usb 4-1: config 5 has an invalid interface number: 3 but max is 0 [ 230.751299][ T6044] usb 4-1: config 5 has no interface number 0 [ 230.774980][ T6044] usb 4-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 230.775130][ T6044] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.775152][ T6044] usb 4-1: Product: syz [ 230.775166][ T6044] usb 4-1: Manufacturer: syz [ 230.775181][ T6044] usb 4-1: SerialNumber: syz [ 230.848852][ T6044] ftdi_sio 4-1:5.3: FTDI USB Serial Device converter detected [ 230.853090][ T6044] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 231.171978][ T7399] netlink: 4 bytes leftover after parsing attributes in process `syz.3.501'. [ 231.256775][ T7399] dummy0: entered promiscuous mode [ 231.256961][ T7399] macvtap1: entered promiscuous mode [ 231.257133][ T7399] macvtap1: entered allmulticast mode [ 231.257144][ T7399] dummy0: entered allmulticast mode [ 231.633173][ T7410] dummy0: left allmulticast mode [ 231.633479][ T7410] dummy0: left promiscuous mode [ 231.738054][ T10] usb 4-1: USB disconnect, device number 9 [ 231.740575][ T10] ftdi_sio 4-1:5.3: device disconnected [ 233.745840][ T7440] kAFS: No cell specified [ 235.580803][ T7467] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.597755][ T7468] netlink: 'syz.0.521': attribute type 16 has an invalid length. [ 235.597771][ T7468] netlink: 'syz.0.521': attribute type 17 has an invalid length. [ 235.605324][ T7467] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.393412][ T7468] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 236.888031][ T7488] kAFS: No cell specified [ 239.803240][ T7545] afs: Unknown parameter 'dy' [ 239.846246][ T7544] netlink: 'syz.0.538': attribute type 16 has an invalid length. [ 239.846268][ T7544] netlink: 'syz.0.538': attribute type 17 has an invalid length. [ 240.477507][ T7544] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 242.442666][ T7580] input: syz1 as /devices/virtual/input/input14 [ 242.815594][ T7580] netlink: 'syz.4.548': attribute type 1 has an invalid length. [ 243.415837][ T7602] afs: Unknown parameter 'dy' [ 248.281396][ T7657] afs: Unknown parameter 'dy' [ 249.963149][ T7691] netlink: 'syz.4.572': attribute type 16 has an invalid length. [ 249.972239][ T7691] netlink: 'syz.4.572': attribute type 17 has an invalid length. [ 250.321803][ T7691] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 250.735844][ T7696] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6tnl0, syncid = 3, id = 0 [ 252.697223][ T7723] netlink: 76 bytes leftover after parsing attributes in process `syz.2.581'. [ 254.680863][ T7747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.591'. [ 256.190571][ T7780] input: syz1 as /devices/virtual/input/input15 [ 256.295622][ T7780] netlink: 'syz.1.598': attribute type 1 has an invalid length. [ 256.388450][ T7782] netlink: 'syz.0.600': attribute type 16 has an invalid length. [ 256.388473][ T7782] netlink: 'syz.0.600': attribute type 17 has an invalid length. [ 256.727935][ T7790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.603'. [ 257.439093][ T7799] netlink: 76 bytes leftover after parsing attributes in process `syz.4.607'. [ 257.552023][ T7782] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 258.912249][ T7834] netlink: 28 bytes leftover after parsing attributes in process `syz.0.618'. [ 259.359856][ T7841] netlink: 32 bytes leftover after parsing attributes in process `syz.3.619'. [ 259.948160][ T7844] netlink: 'syz.0.620': attribute type 16 has an invalid length. [ 259.948183][ T7844] netlink: 'syz.0.620': attribute type 17 has an invalid length. [ 260.281713][ T7844] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 261.191606][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.191661][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.680166][ T7873] netlink: 28 bytes leftover after parsing attributes in process `syz.1.631'. [ 262.957345][ T7907] input: syz1 as /devices/virtual/input/input16 [ 263.408153][ T7912] netlink: 28 bytes leftover after parsing attributes in process `syz.0.645'. [ 266.013566][ T7952] netlink: 28 bytes leftover after parsing attributes in process `syz.0.660'. [ 268.454799][ T8003] input: syz1 as /devices/virtual/input/input17 [ 268.991007][ T8012] input: syz1 as /devices/virtual/input/input18 [ 269.222910][ T8013] netlink: 28 bytes leftover after parsing attributes in process `syz.1.682'. [ 276.638955][ T8095] input: syz1 as /devices/virtual/input/input19 [ 276.976888][ C1] vkms_vblank_simulate: vblank timer overrun [ 277.867188][ C1] vkms_vblank_simulate: vblank timer overrun [ 278.120443][ C1] vkms_vblank_simulate: vblank timer overrun [ 279.576396][ C1] vcan0: j1939_tp_rxtimer: 0xffff888039649c00: rx timeout, send abort [ 279.576564][ C1] vcan0: j1939_tp_rxtimer: 0xffff88803964a000: rx timeout, send abort [ 279.576766][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888039649c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 279.576919][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88803964a000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 280.025517][ T10] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 280.201082][ T10] usb 1-1: config 5 has an invalid interface number: 3 but max is 0 [ 280.201111][ T10] usb 1-1: config 5 has no interface number 0 [ 280.223496][ T10] usb 1-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 280.223530][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.223551][ T10] usb 1-1: Product: syz [ 280.223567][ T10] usb 1-1: Manufacturer: syz [ 280.223583][ T10] usb 1-1: SerialNumber: syz [ 280.307805][ T10] ftdi_sio 1-1:5.3: FTDI USB Serial Device converter detected [ 280.309812][ T10] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 280.536760][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.0.715'. [ 280.788412][ T8116] dummy0: entered promiscuous mode [ 280.788571][ T8116] macvtap1: entered promiscuous mode [ 280.788731][ T8116] macvtap1: entered allmulticast mode [ 280.788741][ T8116] dummy0: entered allmulticast mode [ 282.467127][ T8128] dummy0: left allmulticast mode [ 282.467430][ T8128] dummy0: left promiscuous mode [ 282.752810][ T31] usb 1-1: USB disconnect, device number 4 [ 282.754678][ T31] ftdi_sio 1-1:5.3: device disconnected [ 285.219051][ T8174] netlink: 'syz.4.734': attribute type 16 has an invalid length. [ 285.219074][ T8174] netlink: 'syz.4.734': attribute type 17 has an invalid length. [ 285.479322][ T8174] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 287.885723][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.2.738'. [ 288.033984][ T8182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.737'. [ 288.355093][ T8182] syz_tun: entered promiscuous mode [ 288.444982][ C0] vcan0: j1939_tp_rxtimer: 0xffff888059d3ec00: rx timeout, send abort [ 288.445897][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805cf09000: rx timeout, send abort [ 288.446289][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888059d3ec00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 288.446443][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805cf09000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 293.124507][ T8223] netlink: 'syz.1.748': attribute type 10 has an invalid length. [ 293.327045][ T8226] netlink: 12 bytes leftover after parsing attributes in process `syz.2.750'. [ 293.497685][ T8234] netlink: 'syz.3.751': attribute type 16 has an invalid length. [ 293.497708][ T8234] netlink: 'syz.3.751': attribute type 17 has an invalid length. [ 294.044571][ T8223] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 294.472722][ T8244] netlink: 12 bytes leftover after parsing attributes in process `syz.1.757'. [ 294.775595][ T8234] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 295.925605][ T8266] input: syz1 as /devices/virtual/input/input20 [ 299.095783][ T8286] netlink: 12 bytes leftover after parsing attributes in process `syz.4.769'. [ 299.200766][ T8289] netlink: 12 bytes leftover after parsing attributes in process `syz.0.770'. [ 299.932113][ T8295] netlink: 'syz.4.771': attribute type 16 has an invalid length. [ 299.932137][ T8295] netlink: 'syz.4.771': attribute type 17 has an invalid length. [ 300.630102][ T8295] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 301.859104][ T6049] IPVS: starting estimator thread 0... [ 301.954866][ T8327] IPVS: using max 6 ests per chain, 14400 per kthread [ 301.963758][ T8332] netlink: 12 bytes leftover after parsing attributes in process `syz.4.781'. [ 302.085565][ T3109] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 302.219803][ T3109] usb 2-1: device descriptor read/64, error -71 [ 302.821858][ T3109] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 302.995546][ T3109] usb 2-1: device descriptor read/64, error -71 [ 303.105829][ T3109] usb usb2-port1: attempt power cycle [ 303.455497][ T3109] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 303.476444][ T3109] usb 2-1: device descriptor read/8, error -71 [ 303.715579][ T3109] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 303.747796][ T3109] usb 2-1: device descriptor read/8, error -71 [ 303.879607][ T3109] usb usb2-port1: unable to enumerate USB device [ 304.560679][ T8356] netlink: 12 bytes leftover after parsing attributes in process `syz.2.786'. [ 306.352415][ T8372] input: syz1 as /devices/virtual/input/input21 [ 308.059621][ T8382] netlink: 'syz.2.789': attribute type 16 has an invalid length. [ 308.059646][ T8382] netlink: 'syz.2.789': attribute type 17 has an invalid length. [ 309.064230][ T8396] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 309.140017][ T8382] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 309.570335][ T8404] netlink: 12 bytes leftover after parsing attributes in process `syz.2.797'. [ 313.482833][ T8448] input: syz1 as /devices/virtual/input/input22 [ 316.930567][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805aa3dc00: rx timeout, send abort [ 316.930730][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805aa3e400: rx timeout, send abort [ 316.930939][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805aa3dc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 316.931085][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805aa3e400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 317.373041][ T37] audit: type=1326 audit(1759017650.675:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8456 comm="syz.2.808" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f48e7cfeec9 code=0x0 [ 317.425631][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.809'. [ 317.632711][ T8463] netlink: 92 bytes leftover after parsing attributes in process `syz.2.808'. [ 317.632739][ T8463] netlink: 56 bytes leftover after parsing attributes in process `syz.2.808'. [ 317.922246][ T8463] kAFS: unable to lookup cell '' [ 318.370723][ T8471] input: syz1 as /devices/virtual/input/input23 [ 319.113615][ T8476] netlink: 40 bytes leftover after parsing attributes in process `syz.1.813'. [ 320.229045][ T8498] netlink: 12 bytes leftover after parsing attributes in process `syz.1.820'. [ 321.010538][ T8508] binder_alloc: 8504: binder_alloc_buf, no vma [ 321.294569][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 321.294644][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 321.694147][ T8523] input: syz1 as /devices/virtual/input/input24 [ 321.769613][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 321.769681][ T8514] netlink: 4 bytes leftover after parsing attributes in process `syz.2.826'. [ 322.610034][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.610089][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.758572][ T8549] netlink: 16 bytes leftover after parsing attributes in process `syz.1.836'. [ 324.115785][ T8556] syzkaller0: entered promiscuous mode [ 324.115819][ T8556] syzkaller0: entered allmulticast mode [ 324.563084][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 324.563146][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 325.023830][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 325.023878][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 325.074724][ T8572] input: syz1 as /devices/virtual/input/input25 [ 325.185013][ T8572] netlink: 'syz.3.844': attribute type 1 has an invalid length. [ 326.189654][ T8584] netlink: 'syz.4.846': attribute type 16 has an invalid length. [ 326.189671][ T8584] netlink: 'syz.4.846': attribute type 17 has an invalid length. [ 327.548294][ T8593] netlink: 16 bytes leftover after parsing attributes in process `syz.0.851'. [ 327.952573][ T8572] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 328.386328][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 328.386392][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 328.431118][ T8584] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 328.859162][ T8617] input: syz1 as /devices/virtual/input/input26 [ 329.021123][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 329.021170][ T8603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.856'. [ 329.121073][ T8617] netlink: 'syz.1.859': attribute type 1 has an invalid length. [ 330.057722][ T8639] input: syz1 as /devices/virtual/input/input27 [ 330.194912][ T8642] netlink: 'syz.2.868': attribute type 16 has an invalid length. [ 330.194929][ T8642] netlink: 'syz.2.868': attribute type 17 has an invalid length. [ 330.673833][ T8642] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 330.773129][ T8639] netlink: 'syz.4.866': attribute type 1 has an invalid length. [ 331.267293][ T8654] netlink: 16 bytes leftover after parsing attributes in process `syz.0.872'. [ 333.395972][ T8674] netlink: 'syz.0.881': attribute type 16 has an invalid length. [ 333.395996][ T8674] netlink: 'syz.0.881': attribute type 17 has an invalid length. [ 333.807491][ T8674] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 334.435485][ T31] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 334.623174][ T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 334.623203][ T31] usb 2-1: config 0 has no interfaces? [ 334.623237][ T31] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 334.623260][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.654771][ T31] usb 2-1: config 0 descriptor?? [ 335.133336][ T8691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.134406][ T8691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 337.410528][ T8711] input: syz1 as /devices/virtual/input/input28 [ 337.517881][ T8711] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 340.465471][ T8716] binder: BINDER_SET_CONTEXT_MGR already set [ 340.465488][ T8716] binder: 8715:8716 ioctl 4018620d 200000000040 returned -16 [ 340.949017][ T5826] usb 2-1: USB disconnect, device number 10 [ 341.656189][ T8711] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 347.502053][ T5836] syz_tun (unregistering): left promiscuous mode [ 348.237374][ T8778] binder: BINDER_SET_CONTEXT_MGR already set [ 348.237390][ T8778] binder: 8777:8778 ioctl 4018620d 200000000040 returned -16 [ 349.263792][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 349.285770][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 349.288102][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 349.289912][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 349.292332][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 350.853734][ T37] audit: type=1326 audit(1759017684.155:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8800 comm="syz.4.926" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efe9d54eec9 code=0x0 [ 350.964539][ T8803] netlink: 92 bytes leftover after parsing attributes in process `syz.4.926'. [ 350.964567][ T8803] netlink: 56 bytes leftover after parsing attributes in process `syz.4.926'. [ 351.138213][ T8802] kAFS: unable to lookup cell '' [ 351.405725][ T5848] Bluetooth: hci1: command tx timeout [ 351.818369][ T8786] gretap0: entered promiscuous mode [ 351.818498][ T8786] vlan2: entered promiscuous mode [ 352.466008][ T8807] binder: BINDER_SET_CONTEXT_MGR already set [ 352.466025][ T8807] binder: 8806:8807 ioctl 4018620d 200000000040 returned -16 [ 353.034493][ T4280] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.205586][ T8815] tun0: tun_chr_ioctl cmd 1074025675 [ 353.205611][ T8815] tun0: persist enabled [ 353.205650][ T8816] tun0: tun_chr_ioctl cmd 1074025675 [ 353.205665][ T8816] tun0: persist disabled [ 353.292496][ T8819] netlink: 'syz.0.930': attribute type 1 has an invalid length. [ 353.292520][ T8819] netlink: 'syz.0.930': attribute type 2 has an invalid length. [ 353.485611][ T5848] Bluetooth: hci1: command tx timeout [ 354.279895][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 354.302043][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 354.304061][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 354.306900][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 354.311046][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 354.936365][ T8845] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 355.202365][ T37] audit: type=1326 audit(1759017688.505:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.940" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f668bf2eec9 code=0x0 [ 355.263959][ T4280] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.308017][ T8849] netlink: 92 bytes leftover after parsing attributes in process `syz.0.940'. [ 355.308066][ T8849] netlink: 56 bytes leftover after parsing attributes in process `syz.0.940'. [ 355.383368][ T8848] kAFS: unable to lookup cell '' [ 355.566982][ T5846] Bluetooth: hci1: command tx timeout [ 355.851788][ T4280] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.445572][ T5846] Bluetooth: hci2: command tx timeout [ 356.702927][ T4280] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.649661][ T5846] Bluetooth: hci1: command tx timeout [ 357.961544][ T8871] tun0: tun_chr_ioctl cmd 1074025675 [ 357.961569][ T8871] tun0: persist enabled [ 357.961642][ T8873] tun0: tun_chr_ioctl cmd 1074025675 [ 357.961657][ T8873] tun0: persist disabled [ 358.152724][ T8876] netlink: 'syz.1.947': attribute type 1 has an invalid length. [ 358.152748][ T8876] netlink: 'syz.1.947': attribute type 2 has an invalid length. [ 358.414921][ T37] audit: type=1326 audit(1759017691.715:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8880 comm="syz.0.949" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f668bf2eec9 code=0x0 [ 358.525490][ T5846] Bluetooth: hci2: command tx timeout [ 358.531009][ T8885] netlink: 92 bytes leftover after parsing attributes in process `syz.0.949'. [ 358.531034][ T8885] netlink: 56 bytes leftover after parsing attributes in process `syz.0.949'. [ 358.614632][ T8884] kAFS: unable to lookup cell '' [ 358.689329][ T8787] chnl_net:caif_netlink_parms(): no params data found [ 358.764059][ T4280] bridge_slave_1: left allmulticast mode [ 358.773302][ T4280] bridge_slave_1: left promiscuous mode [ 358.777753][ T4280] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.920983][ T4280] bridge_slave_0: left allmulticast mode [ 358.921019][ T4280] bridge_slave_0: left promiscuous mode [ 358.921288][ T4280] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.605862][ T5846] Bluetooth: hci2: command tx timeout [ 362.685522][ T5846] Bluetooth: hci2: command tx timeout [ 364.936119][ T4280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.020437][ T4280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.106790][ T4280] bond0 (unregistering): Released all slaves [ 365.300433][ T8945] binder: BINDER_SET_CONTEXT_MGR already set [ 365.300451][ T8945] binder: 8944:8945 ioctl 4018620d 200000000040 returned -16 [ 365.488987][ T8921] vlan2: entered promiscuous mode [ 365.847159][ T4280] tipc: Left network mode [ 365.872493][ T8953] binder: BINDER_SET_CONTEXT_MGR already set [ 365.872510][ T8953] binder: 8952:8953 ioctl 4018620d 200000000040 returned -16 [ 368.037124][ T8841] chnl_net:caif_netlink_parms(): no params data found [ 368.579191][ T8787] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.579403][ T8787] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.579653][ T8787] bridge_slave_0: entered allmulticast mode [ 368.582640][ T8787] bridge_slave_0: entered promiscuous mode [ 368.680015][ T8787] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.680174][ T8787] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.680372][ T8787] bridge_slave_1: entered allmulticast mode [ 368.682411][ T8787] bridge_slave_1: entered promiscuous mode [ 368.858391][ T8981] binder: BINDER_SET_CONTEXT_MGR already set [ 368.858403][ T8981] binder: 8980:8981 ioctl 4018620d 200000000040 returned -16 [ 369.011796][ T4280] hsr_slave_0: left promiscuous mode [ 369.045556][ T4280] hsr_slave_1: left promiscuous mode [ 369.046871][ T4280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.046966][ T4280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 369.097643][ T4280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.097677][ T4280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 369.320450][ T4280] veth1_macvtap: left promiscuous mode [ 369.320740][ T4280] veth0_macvtap: left promiscuous mode [ 369.321000][ T4280] veth1_vlan: left promiscuous mode [ 369.321304][ T4280] veth0_vlan: left promiscuous mode [ 369.566417][ T8995] binder: BINDER_SET_CONTEXT_MGR already set [ 369.566445][ T8995] binder: 8994:8995 ioctl 4018620d 200000000040 returned -16 [ 369.833507][ T9003] netlink: 'syz.0.989': attribute type 16 has an invalid length. [ 369.833530][ T9003] netlink: 'syz.0.989': attribute type 17 has an invalid length. [ 372.746423][ T4280] team0 (unregistering): Port device team_slave_1 removed [ 373.011844][ T4280] team0 (unregistering): Port device team_slave_0 removed [ 375.554404][ T8992] tun0: tun_chr_ioctl cmd 1074025675 [ 375.554429][ T8992] tun0: persist enabled [ 375.554715][ T8996] tun0: tun_chr_ioctl cmd 1074025675 [ 375.554735][ T8996] tun0: persist disabled [ 375.554835][ T8998] netlink: 'syz.4.986': attribute type 1 has an invalid length. [ 375.554854][ T8998] netlink: 'syz.4.986': attribute type 2 has an invalid length. [ 375.730422][ T9003] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 375.799326][ T8787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.079169][ T8787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 377.089344][ T8787] team0: Port device team_slave_0 added [ 377.111541][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.111639][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.111930][ T8841] bridge_slave_0: entered allmulticast mode [ 377.113814][ T8841] bridge_slave_0: entered promiscuous mode [ 377.173325][ T8787] team0: Port device team_slave_1 added [ 377.224159][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.224312][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.224577][ T8841] bridge_slave_1: entered allmulticast mode [ 377.264079][ T8841] bridge_slave_1: entered promiscuous mode [ 377.931096][ T8787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 377.931114][ T8787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 377.931142][ T8787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 377.997301][ T8841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 378.283940][ T8787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.283957][ T8787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.283988][ T8787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 378.305146][ T8841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.391877][ T9052] input: syz1 as /devices/virtual/input/input29 [ 378.640506][ T9052] netlink: 'syz.1.1001': attribute type 1 has an invalid length. [ 378.941136][ T9064] netlink: 'syz.0.1003': attribute type 16 has an invalid length. [ 378.941152][ T9064] netlink: 'syz.0.1003': attribute type 17 has an invalid length. [ 379.198048][ T8841] team0: Port device team_slave_0 added [ 379.282717][ T9064] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 379.372110][ T8841] team0: Port device team_slave_1 added [ 380.142926][ T9078] tun0: tun_chr_ioctl cmd 1074025675 [ 380.142946][ T9078] tun0: persist enabled [ 380.329487][ T9080] tun0: tun_chr_ioctl cmd 1074025675 [ 380.329512][ T9080] tun0: persist disabled [ 380.329613][ T9081] netlink: 'syz.0.1007': attribute type 1 has an invalid length. [ 380.329630][ T9081] netlink: 'syz.0.1007': attribute type 2 has an invalid length. [ 381.423770][ T8787] hsr_slave_0: entered promiscuous mode [ 381.431105][ T8787] hsr_slave_1: entered promiscuous mode [ 381.436537][ T8787] debugfs: 'hsr0' already exists in 'hsr' [ 381.436567][ T8787] Cannot create hsr debugfs directory [ 381.592038][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.592057][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.592085][ T8841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.616199][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.616221][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.616252][ T8841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.215212][ T4280] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.911287][ T4280] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.950117][ T9116] input: syz1 as /devices/virtual/input/input30 [ 383.062276][ T9116] netlink: 'syz.1.1019': attribute type 1 has an invalid length. [ 383.800534][ T9116] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 384.072261][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.072347][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.507572][ T4280] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.701902][ T8841] hsr_slave_0: entered promiscuous mode [ 384.702900][ T8841] hsr_slave_1: entered promiscuous mode [ 384.703515][ T8841] debugfs: 'hsr0' already exists in 'hsr' [ 384.703532][ T8841] Cannot create hsr debugfs directory [ 385.605747][ T4280] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.032176][ T4280] bridge_slave_1: left allmulticast mode [ 389.032296][ T4280] bridge_slave_1: left promiscuous mode [ 389.036146][ T4280] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.234859][ T4280] bridge_slave_0: left allmulticast mode [ 389.234890][ T4280] bridge_slave_0: left promiscuous mode [ 389.235839][ T4280] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.110237][ T9183] input: syz1 as /devices/virtual/input/input31 [ 390.363060][ T9183] netlink: 'syz.4.1034': attribute type 1 has an invalid length. [ 394.480522][ T4280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 394.537812][ T4280] bond_slave_0: left promiscuous mode [ 394.566062][ T4280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 394.606246][ T4280] bond_slave_1: left promiscuous mode [ 394.610829][ T4280] bond0 (unregistering): Released all slaves [ 394.891503][ T9182] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 394.891532][ T9182] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 394.892537][ T9183] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 395.350547][ T4280] IPVS: stopping master sync thread 6128 ... [ 395.391251][ T8787] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 396.160090][ T8787] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 396.433848][ T8787] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 397.112770][ T8787] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 398.586579][ T4280] hsr_slave_0: left promiscuous mode [ 398.629660][ T4280] hsr_slave_1: left promiscuous mode [ 398.630771][ T4280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 398.630801][ T4280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 398.688782][ T4280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 398.688815][ T4280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.928247][ T4280] veth1_macvtap: left promiscuous mode [ 398.928383][ T4280] veth0_macvtap: left promiscuous mode [ 398.928695][ T4280] veth1_vlan: left promiscuous mode [ 398.932235][ T4280] veth0_vlan: left promiscuous mode [ 399.058354][ T9256] input: syz1 as /devices/virtual/input/input32 [ 399.363857][ T9258] netlink: 'syz.4.1049': attribute type 1 has an invalid length. [ 403.214891][ T4280] team0 (unregistering): Port device team_slave_1 removed [ 403.419390][ T4280] team0 (unregistering): Port device team_slave_0 removed [ 405.670068][ T9247] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 405.670097][ T9247] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 405.684780][ T9258] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 405.945466][ T8841] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 406.131147][ T8841] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 406.240668][ T8841] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 406.423200][ T8841] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 407.362056][ T8787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.411395][ T8787] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.440320][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.440478][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.471281][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.471437][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.512557][ T8841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.572410][ T8841] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.602150][ T3118] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.602626][ T3118] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.806033][ T9223] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.806159][ T9223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.507621][ T9316] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1058'. [ 408.729351][ T4280] IPVS: stop unused estimator thread 0... [ 409.718739][ T8841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.126459][ T9333] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 410.126488][ T9333] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 410.246934][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 410.275683][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 410.285177][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 410.312730][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 410.320013][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 410.371544][ T9343] input: syz1 as /devices/virtual/input/input33 [ 410.600660][ T9343] netlink: 'syz.4.1062': attribute type 1 has an invalid length. [ 412.526029][ T5846] Bluetooth: hci5: command tx timeout [ 412.636177][ T9370] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1067'. [ 413.403394][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 413.407441][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 413.423487][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 413.430081][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 413.431763][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 414.556032][ T9389] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 414.556063][ T9389] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 414.607007][ T5846] Bluetooth: hci5: command tx timeout [ 414.737016][ T9401] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1076'. [ 415.066843][ T9411] input: syz1 as /devices/virtual/input/input34 [ 415.287463][ T9408] netlink: 'syz.1.1077': attribute type 1 has an invalid length. [ 415.475584][ T31] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 415.491206][ T5846] Bluetooth: hci1: command tx timeout [ 415.651002][ T31] usb 5-1: Using ep0 maxpacket: 32 [ 415.664194][ T31] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=66.3d [ 415.664225][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.690548][ T31] usb 5-1: config 0 descriptor?? [ 415.693889][ T31] cx82310_eth 5-1:0.0: probe with driver cx82310_eth failed with error -22 [ 415.716612][ T31] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 416.780447][ T5846] Bluetooth: hci5: command tx timeout [ 417.808570][ T5846] Bluetooth: hci1: command tx timeout [ 418.859392][ T5846] Bluetooth: hci5: command tx timeout [ 420.400601][ T5846] Bluetooth: hci1: command tx timeout [ 423.394285][ T5846] Bluetooth: hci1: command tx timeout [ 442.145291][ C1] sched: DL replenish lagged too much [ 465.919928][ T5929] usb 5-1: USB disconnect, device number 10 [ 500.317066][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 501.583747][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 502.243050][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 502.244667][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 502.245591][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 509.040472][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.070676][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.263842][ T9440] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 517.016954][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 527.757208][ T5850] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 527.768200][ T5850] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 527.769546][ T5850] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 527.770812][ T5850] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 527.771632][ T5850] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 535.996818][ T5850] Bluetooth: hci5: command 0x0406 tx timeout [ 541.481240][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 541.482187][ T5840] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 541.491534][ T5840] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 541.492801][ T5840] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 541.494049][ T5840] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 541.494901][ T5840] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 543.859086][ T5846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 544.884239][ T5846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 544.884715][ T5846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 544.886918][ T5846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 544.887759][ T5846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 561.384052][ T38] INFO: task kworker/u8:2:43 blocked for more than 143 seconds. [ 561.384092][ T38] Not tainted syzkaller #0 [ 561.384105][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.384115][ T38] task:kworker/u8:2 state:D stack:20264 pid:43 tgid:43 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 561.384186][ T38] Workqueue: netns cleanup_net [ 561.384238][ T38] Call Trace: [ 561.384246][ T38] [ 561.384261][ T38] __schedule+0x16f3/0x4c20 [ 561.384326][ T38] ? __pfx___schedule+0x10/0x10 [ 561.384378][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.384416][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.384439][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.384467][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 561.384514][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.384545][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.384574][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.384600][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.384642][ T38] ? unregister_netdevice_notifier_net+0x8d/0x2a0 [ 561.384678][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 561.384712][ T38] ? __pfx_migrate_enable+0x10/0x10 [ 561.384746][ T38] ? unregister_netdevice_notifier_net+0x8d/0x2a0 [ 561.384777][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.384811][ T38] unregister_netdevice_notifier_net+0x8d/0x2a0 [ 561.384846][ T38] ? mntput_no_expire+0x2eb/0x9d0 [ 561.384880][ T38] ? __pfx_unregister_netdevice_notifier_net+0x10/0x10 [ 561.384918][ T38] ? __pfx_mntput_no_expire+0x10/0x10 [ 561.384942][ T38] ? rt_spin_unlock+0x65/0x80 [ 561.384977][ T38] ? simple_release_fs+0x9c/0xd0 [ 561.385009][ T38] nsim_dev_hwstats_exit+0x83/0x2a0 [ 561.385037][ T38] ? kfree+0x195/0x550 [ 561.385071][ T38] nsim_dev_reload_destroy+0x2af/0x490 [ 561.385108][ T38] nsim_dev_reload_down+0x8a/0xc0 [ 561.385141][ T38] devlink_reload+0x1b6/0x8d0 [ 561.385172][ T38] ? xa_get_mark+0x67/0x7b0 [ 561.522142][ T38] ? __pfx_devlink_reload+0x10/0x10 [ 561.522181][ T38] ? xa_get_mark+0x70f/0x7b0 [ 561.522221][ T38] devlink_pernet_pre_exit+0x1d9/0x3d0 [ 561.522250][ T38] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 561.522283][ T38] ? class_remove_file_ns+0x124/0x160 [ 561.522317][ T38] ops_undo_list+0x187/0x990 [ 561.522357][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 561.522402][ T38] cleanup_net+0x4cb/0x800 [ 561.522438][ T38] ? __pfx_cleanup_net+0x10/0x10 [ 561.522473][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.522506][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.522533][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.522563][ T38] process_scheduled_works+0xae1/0x17b0 [ 561.522623][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 561.522670][ T38] worker_thread+0x8a0/0xda0 [ 561.522702][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 561.522746][ T38] ? __kthread_parkme+0x7b/0x200 [ 561.522787][ T38] kthread+0x711/0x8a0 [ 561.522824][ T38] ? __pfx_worker_thread+0x10/0x10 [ 561.522852][ T38] ? __pfx_kthread+0x10/0x10 [ 561.522890][ T38] ? __pfx_kthread+0x10/0x10 [ 561.522933][ T38] ret_from_fork+0x436/0x7d0 [ 561.522965][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 561.523002][ T38] ? __switch_to_asm+0x39/0x70 [ 561.523022][ T38] ? __switch_to_asm+0x33/0x70 [ 561.523042][ T38] ? __pfx_kthread+0x10/0x10 [ 561.523077][ T38] ret_from_fork_asm+0x1a/0x30 [ 561.523116][ T38] [ 561.523169][ T38] INFO: task kworker/u8:6:1409 blocked for more than 143 seconds. [ 561.523186][ T38] Not tainted syzkaller #0 [ 561.523197][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.523207][ T38] task:kworker/u8:6 state:D stack:23176 pid:1409 tgid:1409 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 561.523270][ T38] Workqueue: events_unbound linkwatch_event [ 561.523295][ T38] Call Trace: [ 561.523302][ T38] [ 561.523315][ T38] __schedule+0x16f3/0x4c20 [ 561.523377][ T38] ? __pfx___schedule+0x10/0x10 [ 561.523429][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.523466][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.523488][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.523517][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 561.523564][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.523595][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.523624][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.523665][ T38] ? linkwatch_event+0xe/0x60 [ 561.523695][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.523728][ T38] ? linkwatch_event+0xe/0x60 [ 561.523748][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.523776][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.523810][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.523839][ T38] linkwatch_event+0xe/0x60 [ 561.523861][ T38] process_scheduled_works+0xae1/0x17b0 [ 561.523930][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 561.523978][ T38] worker_thread+0x8a0/0xda0 [ 561.524036][ T38] kthread+0x711/0x8a0 [ 561.524073][ T38] ? __pfx_worker_thread+0x10/0x10 [ 561.524102][ T38] ? __pfx_kthread+0x10/0x10 [ 561.524142][ T38] ? __pfx_kthread+0x10/0x10 [ 561.524177][ T38] ret_from_fork+0x436/0x7d0 [ 561.524209][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 561.524245][ T38] ? __switch_to_asm+0x39/0x70 [ 561.524265][ T38] ? __switch_to_asm+0x33/0x70 [ 561.524285][ T38] ? __pfx_kthread+0x10/0x10 [ 561.524320][ T38] ret_from_fork_asm+0x1a/0x30 [ 561.524360][ T38] [ 561.524411][ T38] INFO: task kworker/u8:14:4280 blocked for more than 143 seconds. [ 561.524426][ T38] Not tainted syzkaller #0 [ 561.524438][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.524448][ T38] task:kworker/u8:14 state:D stack:23320 pid:4280 tgid:4280 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 561.524510][ T38] Workqueue: ipv6_addrconf addrconf_dad_work [ 561.524534][ T38] Call Trace: [ 561.524541][ T38] [ 561.524554][ T38] __schedule+0x16f3/0x4c20 [ 561.524615][ T38] ? __pfx___schedule+0x10/0x10 [ 561.524652][ T38] ? preempt_schedule+0xae/0xc0 [ 561.524696][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 561.524727][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.524749][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.524777][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 561.524823][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.524854][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.524884][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.524918][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.524960][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 561.524999][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 561.525022][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.525055][ T38] addrconf_dad_work+0x119/0x15a0 [ 561.525083][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.525121][ T38] ? __pfx_addrconf_dad_work+0x10/0x10 [ 561.525146][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.525182][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.679612][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.679656][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 561.679687][ T38] process_scheduled_works+0xae1/0x17b0 [ 561.679748][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 561.679796][ T38] worker_thread+0x8a0/0xda0 [ 561.679829][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 561.679876][ T38] ? __kthread_parkme+0x7b/0x200 [ 561.679930][ T38] kthread+0x711/0x8a0 [ 561.679968][ T38] ? __pfx_worker_thread+0x10/0x10 [ 561.679997][ T38] ? __pfx_kthread+0x10/0x10 [ 561.680036][ T38] ? __pfx_kthread+0x10/0x10 [ 561.680071][ T38] ret_from_fork+0x436/0x7d0 [ 561.680103][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 561.680140][ T38] ? __switch_to_asm+0x39/0x70 [ 561.680162][ T38] ? __switch_to_asm+0x33/0x70 [ 561.680182][ T38] ? __pfx_kthread+0x10/0x10 [ 561.680217][ T38] ret_from_fork_asm+0x1a/0x30 [ 561.680257][ T38] [ 561.680314][ T38] INFO: task syz-executor:9340 blocked for more than 144 seconds. [ 561.680331][ T38] Not tainted syzkaller #0 [ 561.680343][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.680353][ T38] task:syz-executor state:D stack:22632 pid:9340 tgid:9340 ppid:1 task_flags:0x400140 flags:0x00004004 [ 561.680415][ T38] Call Trace: [ 561.680423][ T38] [ 561.680437][ T38] __schedule+0x16f3/0x4c20 [ 561.680491][ T38] ? __kernel_text_address+0xd/0x40 [ 561.680519][ T38] ? __pfx___schedule+0x10/0x10 [ 561.680572][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.680609][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.680631][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.680659][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 561.680706][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.680737][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.680767][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.680806][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.680844][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 561.680881][ T38] ? bpf_lsm_capable+0x9/0x20 [ 561.680916][ T38] ? security_capable+0x7e/0x2e0 [ 561.680954][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 561.680983][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.681010][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 561.681046][ T38] rtnl_newlink+0x8db/0x1c70 [ 561.681085][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681118][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 561.681158][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681195][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681237][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681289][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 561.681326][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 561.681356][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 561.681397][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681454][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 561.681484][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 561.681514][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681547][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 561.681577][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.681627][ T38] netlink_rcv_skb+0x205/0x470 [ 561.681657][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.681687][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.681721][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 561.681765][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 561.681805][ T38] netlink_unicast+0x843/0xa10 [ 561.681844][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 561.681875][ T38] ? netlink_sendmsg+0x642/0xb30 [ 561.681913][ T38] ? skb_put+0x11b/0x210 [ 561.681952][ T38] netlink_sendmsg+0x805/0xb30 [ 561.681995][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.682037][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 561.682060][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.682093][ T38] __sock_sendmsg+0x21c/0x270 [ 561.682126][ T38] __sys_sendto+0x3c7/0x520 [ 561.682163][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 561.682211][ T38] ? blkcg_maybe_throttle_current+0x1a8/0xbc0 [ 561.682257][ T38] ? rcu_is_watching+0x15/0xb0 [ 561.682297][ T38] __x64_sys_sendto+0xde/0x100 [ 561.682336][ T38] do_syscall_64+0xfa/0x3b0 [ 561.682357][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.682392][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.682415][ T38] ? clear_bhb_loop+0x60/0xb0 [ 561.682441][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.682476][ T38] RIP: 0033:0x7fa2e6670d5c [ 561.682500][ T38] RSP: 002b:00007fffe517ec40 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 561.682523][ T38] RAX: ffffffffffffffda RBX: 00007fa2e73f4620 RCX: 00007fa2e6670d5c [ 561.682540][ T38] RDX: 0000000000000038 RSI: 00007fa2e73f4670 RDI: 0000000000000003 [ 561.682555][ T38] RBP: 0000000000000000 R08: 00007fffe517ec94 R09: 000000000000000c [ 561.682569][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 561.682582][ T38] R13: 0000000000000000 R14: 00007fa2e73f4670 R15: 0000000000000000 [ 561.682616][ T38] [ 561.682627][ T38] INFO: task syz-executor:9375 blocked for more than 144 seconds. [ 561.682642][ T38] Not tainted syzkaller #0 [ 561.682654][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.682663][ T38] task:syz-executor state:D stack:25544 pid:9375 tgid:9375 ppid:1 task_flags:0x400140 flags:0x00004006 [ 561.682725][ T38] Call Trace: [ 561.682733][ T38] [ 561.682746][ T38] __schedule+0x16f3/0x4c20 [ 561.682807][ T38] ? __pfx___schedule+0x10/0x10 [ 561.682860][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.682904][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.682926][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.682955][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 561.683002][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.683033][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.683063][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.683103][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.683141][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 561.683187][ T38] ? ip_tunnel_init_net+0x2ab/0x800 [ 561.683213][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.683240][ T38] ? ip_tunnel_init_net+0x2ab/0x800 [ 561.683272][ T38] ip_tunnel_init_net+0x2ab/0x800 [ 561.683308][ T38] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 561.683355][ T38] ops_init+0x35c/0x5c0 [ 561.683398][ T38] setup_net+0x10c/0x320 [ 561.683427][ T38] ? copy_net_ns+0x304/0x4d0 [ 561.683458][ T38] ? __pfx_setup_net+0x10/0x10 [ 561.683492][ T38] ? __mutex_rt_init+0x3b/0x50 [ 561.683522][ T38] copy_net_ns+0x31b/0x4d0 [ 561.683558][ T38] create_new_namespaces+0x3f3/0x720 [ 561.683590][ T38] ? security_capable+0x7e/0x2e0 [ 561.683631][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 561.683663][ T38] ksys_unshare+0x4c8/0x8c0 [ 561.683704][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 561.683738][ T38] ? rt_spin_unlock+0x65/0x80 [ 561.683777][ T38] __x64_sys_unshare+0x38/0x50 [ 561.683810][ T38] do_syscall_64+0xfa/0x3b0 [ 561.683831][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.683864][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.683885][ T38] ? clear_bhb_loop+0x60/0xb0 [ 561.683918][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.683937][ T38] RIP: 0033:0x7f1c1fba06c7 [ 561.683955][ T38] RSP: 002b:00007ffdba90fde8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 561.683977][ T38] RAX: ffffffffffffffda RBX: 00007f1c1fdf5f40 RCX: 00007f1c1fba06c7 [ 561.683994][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 561.684008][ T38] RBP: 00007f1c1fdf67b8 R08: 0000000000000000 R09: 0000000000000000 [ 561.684022][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 561.684036][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 561.684068][ T38] [ 561.684078][ T38] INFO: task syz.1.1077:9408 blocked for more than 144 seconds. [ 561.684093][ T38] Not tainted syzkaller #0 [ 561.684104][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 561.684115][ T38] task:syz.1.1077 state:D stack:25864 pid:9408 tgid:9403 ppid:5837 task_flags:0x400140 flags:0x00004004 [ 561.684175][ T38] Call Trace: [ 561.684182][ T38] [ 561.684195][ T38] __schedule+0x16f3/0x4c20 [ 561.684256][ T38] ? __pfx___schedule+0x10/0x10 [ 561.684309][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 561.684347][ T38] rt_mutex_schedule+0x77/0xf0 [ 561.684369][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 561.684397][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 561.684444][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 561.684476][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 561.684504][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 561.684531][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.684572][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 561.684604][ T38] ? safesetid_security_capable+0xa9/0x1a0 [ 561.684634][ T38] ? bpf_lsm_capable+0x9/0x20 [ 561.684661][ T38] ? security_capable+0x7e/0x2e0 [ 561.684698][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 561.684726][ T38] mutex_lock_nested+0x16a/0x1d0 [ 561.684759][ T38] rtnl_newlink+0x8db/0x1c70 [ 561.684804][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 561.684832][ T38] ? migrate_enable+0x29c/0x3c0 [ 561.684860][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 561.684902][ T38] ? __pfx_migrate_enable+0x10/0x10 [ 561.684931][ T38] ? __pfx_migrate_enable+0x10/0x10 [ 561.684973][ T38] ? __local_bh_enable+0x23f/0x3d0 [ 561.685001][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 561.685037][ T38] ? __pfx___local_bh_enable+0x10/0x10 [ 561.685074][ T38] ? __local_bh_enable_ip+0x1b2/0x270 [ 561.685102][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.685140][ T38] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 561.685167][ T38] ? dev_hard_start_xmit+0x7f5/0x870 [ 561.736688][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 561.736742][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 561.736768][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 561.736795][ T38] ? __dev_queue_xmit+0x1d3d/0x3b70 [ 561.736826][ T38] ? __lock_acquire+0xab9/0xd20 [ 561.736884][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 561.736928][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 561.736965][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 561.736995][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.737024][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 561.737061][ T38] ? __asan_memcpy+0x40/0x70 [ 561.737085][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 561.737117][ T38] ? __skb_clone+0x63/0x7a0 [ 561.737151][ T38] netlink_rcv_skb+0x205/0x470 [ 561.737185][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 561.737218][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 561.737263][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 561.737304][ T38] netlink_unicast+0x843/0xa10 [ 561.737343][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 561.737374][ T38] ? netlink_sendmsg+0x642/0xb30 [ 561.737403][ T38] ? skb_put+0x11b/0x210 [ 561.737447][ T38] netlink_sendmsg+0x805/0xb30 [ 561.737488][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.737530][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 561.737553][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.737586][ T38] __sock_sendmsg+0x21c/0x270 [ 561.737619][ T38] ____sys_sendmsg+0x508/0x820 [ 561.737649][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 561.737684][ T38] ? import_iovec+0x74/0xa0 [ 561.737716][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 561.737742][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 561.737805][ T38] ? __fget_files+0x2a/0x420 [ 561.737837][ T38] ? __fget_files+0x3a6/0x420 [ 561.737881][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 561.737915][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 561.737951][ T38] ? rcu_is_watching+0x15/0xb0 [ 561.737991][ T38] ? do_syscall_64+0xbe/0x3b0 [ 561.738019][ T38] do_syscall_64+0xfa/0x3b0 [ 561.738040][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.738074][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.738096][ T38] ? clear_bhb_loop+0x60/0xb0 [ 561.738124][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.738147][ T38] RIP: 0033:0x7f397befeec9 [ 561.738167][ T38] RSP: 002b:00007f397a11c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 561.738191][ T38] RAX: ffffffffffffffda RBX: 00007f397c156180 RCX: 00007f397befeec9 [ 561.738209][ T38] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000004 [ 561.738223][ T38] RBP: 00007f397bf81f91 R08: 0000000000000000 R09: 0000000000000000 [ 561.738238][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.738252][ T38] R13: 00007f397c156218 R14: 00007f397c156180 R15: 00007ffe58eb8a68 [ 561.738287][ T38] [ 561.738330][ T38] [ 561.738330][ T38] Showing all locks held in the system: [ 561.738341][ T38] 4 locks held by kworker/0:0/9: [ 561.738354][ T38] #0: ffff88805a3a1538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.738420][ T38] #1: ffffc900000e7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.738478][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.738535][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.738592][ T38] 4 locks held by kworker/0:1/10: [ 561.738605][ T38] #0: ffff88805a97cd38 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.738668][ T38] #1: ffffc900000f7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.738726][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.738782][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.738840][ T38] 4 locks held by kworker/u8:1/13: [ 561.738852][ T38] #0: ffff88814d7c3138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.738917][ T38] #1: ffffc90000127bc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.738976][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.739031][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.739089][ T38] 2 locks held by ksoftirqd/0/15: [ 561.739101][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.739157][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.739214][ T38] 6 locks held by ktimers/0/16: [ 561.739228][ T38] 2 locks held by rcuc/0/20: [ 561.739240][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.739296][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.739355][ T38] 2 locks held by rcuc/1/28: [ 561.739366][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.739422][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.739480][ T38] 1 lock held by khungtaskd/38: [ 561.739492][ T38] #0: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 561.739545][ T38] 2 locks held by kcompactd0/41: [ 561.739557][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.739614][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.739671][ T38] 6 locks held by kworker/u8:2/43: [ 561.739683][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.739741][ T38] #1: ffffc90000b47bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.739796][ T38] #2: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 561.739857][ T38] #3: ffff888029dc00d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 561.739917][ T38] #4: ffff88805b137300 (&devlink->lock_key#6){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 561.739975][ T38] #5: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: unregister_netdevice_notifier_net+0x8d/0x2a0 [ 561.740039][ T38] 4 locks held by kworker/1:1/44: [ 561.740051][ T38] #0: ffff88805a97c938 ((wq_completion)wg-kex-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.740114][ T38] #1: ffffc90000b57bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.740192][ T38] #2: ffff88805a8555f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 561.740249][ T38] #3: ffff88805c5b6350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 561.740313][ T38] 7 locks held by kworker/u8:5/796: [ 561.740326][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.740382][ T38] #1: ffffc900040ffbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.740442][ T38] #2: ffff888026acb300 (&devlink->lock_key#7){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 561.740509][ T38] #3: ffff88805d551d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 561.740574][ T38] #4: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 561.740630][ T38] #5: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.740686][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.740747][ T38] 2 locks held by aoe_tx0/1320: [ 561.740759][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.740815][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.740872][ T38] 3 locks held by kworker/u8:6/1409: [ 561.740885][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.740949][ T38] #1: ffffc900050f7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.741006][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 561.741058][ T38] 5 locks held by kworker/u8:8/1490: [ 561.741071][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.741128][ T38] #1: ffffc900054f7bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.741186][ T38] #2: ffff88805ed60898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 561.741247][ T38] #3: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.741303][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.741360][ T38] 5 locks held by kworker/u8:9/1516: [ 561.741373][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.741430][ T38] #1: ffffc900054c7bc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.741488][ T38] #2: ffff88805eb00898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 561.741549][ T38] #3: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.741605][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.741672][ T38] 4 locks held by kworker/0:2/3109: [ 561.741685][ T38] #0: ffff88805a3a0938 ((wq_completion)wg-kex-wg1#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.741748][ T38] #1: ffffc9000d16fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.741826][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.741882][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.741947][ T38] 3 locks held by kworker/u8:11/3118: [ 561.741961][ T38] 5 locks held by kworker/u8:12/3131: [ 561.741973][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.742031][ T38] #1: ffffc9000d0bfbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.742088][ T38] #2: ffff88805f140898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 561.742149][ T38] #3: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.742204][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.742261][ T38] 4 locks held by kworker/R-mld/3228: [ 561.742275][ T38] 7 locks held by kworker/u8:13/3587: [ 561.742288][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.742345][ T38] #1: ffffc9000d9bfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.742404][ T38] #2: ffff888038282300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 561.742470][ T38] #3: ffff88805c719920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 561.742532][ T38] #4: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 561.742588][ T38] #5: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.742644][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.742702][ T38] 3 locks held by kworker/u8:14/4280: [ 561.742715][ T38] #0: ffff88802fcf1938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.742772][ T38] #1: ffffc9000ebcfbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.742831][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 [ 561.742887][ T38] 3 locks held by udevd/5208: [ 561.742906][ T38] #0: ffff88802c0ae350 (sk_lock-AF_NETLINK){+.+.}-{0:0}, at: netlink_insert+0xd3/0x1370 [ 561.742965][ T38] #1: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.743020][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.743078][ T38] 1 lock held by dhcpcd/5503: [ 561.743091][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x323/0x1b50 [ 561.743154][ T38] 2 locks held by getty/5595: [ 561.743166][ T38] #0: ffff88823bf728a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 561.743217][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 561.743276][ T38] 3 locks held by syz-executor/5825: [ 561.743289][ T38] #0: ffff88802845b110 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_recvmsg+0xd3/0x560 [ 561.743347][ T38] #1: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.743403][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.743462][ T38] 4 locks held by kworker/u9:5/5846: [ 561.743474][ T38] #0: ffff8880387ea938 ((wq_completion)hci7#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.743537][ T38] #1: ffffc90004be7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.743594][ T38] #2: ffff8880314400a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 561.743653][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 561.743710][ T38] 6 locks held by kworker/u9:6/5848: [ 561.743723][ T38] #0: ffff88805b3f8138 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.743780][ T38] #1: ffffc90004c07bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.743837][ T38] #2: ffff888059d60e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 561.743898][ T38] #3: ffff888059d600a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 561.743960][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 561.744022][ T38] #5: ffff888023edd358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 561.744077][ T38] 5 locks held by kworker/u9:8/5850: [ 561.744090][ T38] #0: ffff888060eb6138 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.744148][ T38] #1: ffffc90004c27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.744206][ T38] #2: ffff88804fe10e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 561.744260][ T38] #3: ffff88804fe100a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 561.744321][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 561.744383][ T38] 3 locks held by syz-executor/5851: [ 561.744395][ T38] #0: ffff888029f28e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 561.744453][ T38] #1: ffff888029f280a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 561.744513][ T38] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 561.744567][ T38] 4 locks held by kworker/R-wg-cr/5875: [ 561.744579][ T38] #0: ffff88805a2ded38 ((wq_completion)wg-crypt-wg0#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.744642][ T38] #1: ffffc90004e07ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.744720][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.744777][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.744834][ T38] 4 locks held by kworker/R-wg-cr/5877: [ 561.744847][ T38] #0: ffff88805a3a0d38 ((wq_completion)wg-crypt-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.744917][ T38] #1: ffffc90004e27ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.744994][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.745051][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.745108][ T38] 4 locks held by kworker/R-wg-cr/5878: [ 561.745121][ T38] #0: ffff88805a3a1538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.745181][ T38] #1: ffffc90004e37ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.778704][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.778764][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.778825][ T38] 4 locks held by kworker/R-wg-cr/5882: [ 561.778838][ T38] #0: ffff88805a97f538 ((wq_completion)wg-crypt-wg2#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.778909][ T38] #1: ffffc90004d97ba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.778967][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.779023][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.779079][ T38] 4 locks held by kworker/R-wg-cr/5883: [ 561.779092][ T38] #0: ffff8880314fb938 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.779155][ T38] #1: ffffc90004e67ba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.779213][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.779269][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.779326][ T38] 4 locks held by kworker/R-wg-cr/5887: [ 561.779339][ T38] #0: ffff8880298fd938 ((wq_completion)wg-crypt-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.779402][ T38] #1: ffffc90004eb7ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.779479][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.779541][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.779599][ T38] 4 locks held by kworker/R-wg-cr/5888: [ 561.779612][ T38] #0: ffff88805a890938 ((wq_completion)wg-crypt-wg2#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.779674][ T38] #1: ffffc90004e87ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.779757][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.779813][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.779870][ T38] 4 locks held by kworker/1:4/5892: [ 561.779883][ T38] #0: ffff88805a3a1138 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.779954][ T38] #1: ffffc90004ec7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.780033][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.780089][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.780148][ T38] 2 locks held by kworker/0:3/5913: [ 561.780161][ T38] 2 locks held by napi/wg0-0/5916: [ 561.780174][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.780230][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.780289][ T38] 6 locks held by kworker/0:4/5921: [ 561.780303][ T38] 4 locks held by kworker/0:5/5930: [ 561.780315][ T38] #0: ffff88805a3a0d38 ((wq_completion)wg-crypt-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.780377][ T38] #1: ffffc90005177bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.780436][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.780492][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.780548][ T38] 3 locks held by kworker/0:6/6049: [ 561.780560][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.780618][ T38] #1: ffffc90005457bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.780674][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 561.780729][ T38] 4 locks held by kworker/0:7/6274: [ 561.780742][ T38] #0: ffff88805a2de938 ((wq_completion)wg-kex-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.780804][ T38] #1: ffffc900061dfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.780882][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.780945][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.780999][ T38] 2 locks held by ipvs-m:5:0/7696: [ 561.781012][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.781068][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.781126][ T38] 4 locks held by syz-executor/8841: [ 561.781139][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 561.781201][ T38] #1: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: __fib6_clean_all+0x9e/0x3b0 [ 561.781256][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.781312][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.781370][ T38] 7 locks held by kworker/u8:3/9223: [ 561.781383][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.781441][ T38] #1: ffffc9000bb0fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.781502][ T38] #2: ffff88802138c300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 561.781570][ T38] #3: ffff88805c99dd20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 561.781634][ T38] #4: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 561.781691][ T38] #5: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.781747][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.781806][ T38] 2 locks held by syz-executor/9340: [ 561.781818][ T38] #0: ffffffff8f1d8058 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 561.781886][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 561.781953][ T38] 2 locks held by syz-executor/9375: [ 561.781965][ T38] #0: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 561.782025][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 561.782083][ T38] 2 locks held by syz.1.1077/9408: [ 561.782095][ T38] #0: ffffffff8f1d7818 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 561.782162][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 561.782220][ T38] 6 locks held by kworker/u8:7/9425: [ 561.782233][ T38] #0: ffff88805a846938 ((wq_completion)wg-kex-wg2#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.782296][ T38] #1: ffffc9001db9fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.782355][ T38] #2: ffff888035c555f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 561.782412][ T38] #3: ffff88805c5f4e20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 561.782469][ T38] #4: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.782525][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.782583][ T38] 5 locks held by kworker/u8:10/9426: [ 561.782596][ T38] 6 locks held by kworker/u8:15/9427: [ 561.782608][ T38] #0: ffff88805a626938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.782671][ T38] #1: ffffc9001ee3fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.782730][ T38] #2: ffff8880357b55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 561.782786][ T38] #3: ffff88805ca8d8b8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 561.782842][ T38] #4: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.782905][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.782963][ T38] 4 locks held by kworker/0:8/9430: [ 561.782975][ T38] #0: ffff88805a890938 ((wq_completion)wg-crypt-wg2#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.783037][ T38] #1: ffffc9001ee0fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.783094][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.783151][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.783208][ T38] 4 locks held by kworker/0:9/9431: [ 561.783221][ T38] #0: ffff88805a3a1138 ((wq_completion)wg-kex-wg0#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.783284][ T38] #1: ffffc900051b7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.783363][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.783418][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.783476][ T38] 6 locks held by kworker/u8:17/9434: [ 561.783489][ T38] #0: ffff88805a623938 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.783551][ T38] #1: ffffc90005157bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.783609][ T38] #2: ffff88805a6d55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 561.783665][ T38] #3: ffff88805ca89928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 561.783720][ T38] #4: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.783776][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.783834][ T38] 4 locks held by kworker/0:10/9438: [ 561.783847][ T38] #0: ffff88805a97cd38 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.783916][ T38] #1: ffffc9000fc0fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.783994][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.784050][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.784107][ T38] 4 locks held by syz-executor/9441: [ 561.784119][ T38] #0: ffff88805ddd2af8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 561.784182][ T38] #1: ffff88802cb40350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x540 [ 561.784233][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.784288][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.784345][ T38] 6 locks held by kworker/u8:19/9442: [ 561.784358][ T38] #0: ffff88803ab88938 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.784420][ T38] #1: ffffc9000fbffbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.784477][ T38] #2: ffff88805b0915f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 561.784533][ T38] #3: ffff88805c5f2e58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 561.784589][ T38] #4: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.784644][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.784702][ T38] 7 locks held by kworker/u8:20/9443: [ 561.784714][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.784772][ T38] #1: ffffc9001f0cfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.784831][ T38] #2: ffff888038459300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 561.784906][ T38] #3: ffff88805e19c120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 561.784966][ T38] #4: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 561.785016][ T38] #5: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.785071][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.785128][ T38] 4 locks held by kworker/u8:21/9444: [ 561.785141][ T38] #0: ffff88805a626138 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.888267][ T38] #1: ffffc9001e05fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.888346][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.888404][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.888464][ T38] 4 locks held by kworker/0:11/9445: [ 561.888478][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.888536][ T38] #1: ffffc90004f07bc0 ((work_completion)(&(&tbl->managed_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.888595][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.888651][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.888708][ T38] 6 locks held by kworker/u8:23/9448: [ 561.888721][ T38] #0: ffff88805a626938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.888784][ T38] #1: ffffc9000bf17bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.888843][ T38] #2: ffff8880357b55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 561.888908][ T38] #3: ffff88805ca8ce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 561.888964][ T38] #4: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.889020][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.889078][ T38] 4 locks held by syz-executor/9449: [ 561.889091][ T38] #0: ffff88803df73878 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 561.889152][ T38] #1: ffff88805b2f3350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x540 [ 561.889204][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.889260][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.889317][ T38] 4 locks held by kworker/1:8/9451: [ 561.889331][ T38] 4 locks held by syz-executor/9455: [ 561.889343][ T38] #0: ffff88803df70ff8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 561.889403][ T38] #1: ffff888028680350 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x5b/0x540 [ 561.889453][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.889510][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.889567][ T38] 4 locks held by kworker/u9:0/9457: [ 561.889580][ T38] #0: ffff88814d773138 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.889637][ T38] #1: ffffc9000964fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.889696][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.889752][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.889809][ T38] 4 locks held by kworker/u9:3/9458: [ 561.889822][ T38] #0: ffff888060d09138 ((wq_completion)hci6#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.889892][ T38] #1: ffffc90004af7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.889949][ T38] #2: ffff88803bb080a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 561.890007][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 561.890064][ T38] 4 locks held by kworker/1:9/9459: [ 561.890077][ T38] #0: ffff88805a2de938 ((wq_completion)wg-kex-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 561.890140][ T38] #1: ffffc90004c17bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 561.890218][ T38] #2: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 561.890274][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 561.890332][ T38] 1 lock held by syz-executor/9462: [ 561.890346][ T38] 4 locks held by syz-executor/9464: [ 561.890358][ T38] #0: ffff8880618f7448 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x19f/0x3d0 [ 561.890410][ T38] #1: ffff888039512f50 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_trylock+0x1f/0x80 [ 561.890464][ T38] #2: ffffffff8dac5768 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 561.890519][ T38] #3: ffff88801d6b4858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 561.890574][ T38] [ 561.890580][ T38] ============================================= [ 561.890580][ T38] [ 561.890600][ T38] NMI backtrace for cpu 1 [ 561.890630][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 561.890677][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 561.890694][ T38] Call Trace: [ 561.890703][ T38] [ 561.890712][ T38] dump_stack_lvl+0x189/0x250 [ 561.890750][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 561.890783][ T38] ? __pfx__printk+0x10/0x10 [ 561.890820][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 561.890853][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 561.890891][ T38] ? __pfx__printk+0x10/0x10 [ 561.890920][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 561.890950][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 561.890983][ T38] watchdog+0xf93/0xfe0 [ 561.891017][ T38] ? watchdog+0x1de/0xfe0 [ 561.891051][ T38] kthread+0x711/0x8a0 [ 561.891088][ T38] ? __pfx_watchdog+0x10/0x10 [ 561.891115][ T38] ? __pfx_kthread+0x10/0x10 [ 561.891153][ T38] ? __pfx_kthread+0x10/0x10 [ 561.891186][ T38] ret_from_fork+0x436/0x7d0 [ 561.891218][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 561.891253][ T38] ? __switch_to_asm+0x39/0x70 [ 561.891272][ T38] ? __switch_to_asm+0x33/0x70 [ 561.891292][ T38] ? __pfx_kthread+0x10/0x10 [ 561.891325][ T38] ret_from_fork_asm+0x1a/0x30 [ 561.891363][ T38] [ 561.891371][ T38] Sending NMI from CPU 1 to CPUs 0: [ 561.891401][ C0] NMI backtrace for cpu 0 [ 561.891415][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 561.891436][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 561.891447][ C0] RIP: 0010:check_preemption_disabled+0x45/0x120 [ 561.891471][ C0] Code: f5 fe 06 65 8b 0d fb f4 fe 06 f7 c1 ff ff ff 7f 74 23 65 48 8b 0d db f4 fe 06 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b <41> 5e 41 5f 5d e9 41 95 03 00 cc 48 c7 04 24 00 00 00 00 9c 8f 04 [ 561.891487][ C0] RSP: 0018:ffffc90000156678 EFLAGS: 00000082 [ 561.891502][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: eae1c4a8c91a8d00 [ 561.891515][ C0] RDX: 0000000000000000 RSI: ffffffff8d04e345 RDI: ffffffff8b621680 [ 561.891528][ C0] RBP: ffffffff8172c165 R08: 0000000000000000 R09: 0000000000000000 [ 561.891540][ C0] R10: ffffc90000156858 R11: ffffffff81aaf080 R12: 0000000000000002 [ 561.891552][ C0] R13: ffffffff8d9a8dc0 R14: 0000000000000000 R15: 0000000000000246 [ 561.891564][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 561.891580][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 561.891593][ C0] CR2: 00007ff9d8f0c038 CR3: 000000008f56c000 CR4: 00000000003526f0 [ 561.891610][ C0] Call Trace: [ 561.891616][ C0] [ 561.891623][ C0] ? unwind_next_frame+0xa5/0x2390 [ 561.891649][ C0] lock_acquire+0xe7/0x360 [ 561.891677][ C0] ? unwind_next_frame+0xa5/0x2390 [ 561.891703][ C0] ? kthread+0x711/0x8a0 [ 561.891730][ C0] ? unwind_next_frame+0xa5/0x2390 [ 561.891755][ C0] unwind_next_frame+0xc2/0x2390 [ 561.891780][ C0] ? unwind_next_frame+0xa5/0x2390 [ 561.891809][ C0] ? unwind_next_frame+0xa5/0x2390 [ 561.891834][ C0] ? smpboot_thread_fn+0x542/0xa60 [ 561.891860][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 561.891882][ C0] arch_stack_walk+0x11c/0x150 [ 561.891912][ C0] ? kthread+0x711/0x8a0 [ 561.891941][ C0] stack_trace_save+0x9c/0xe0 [ 561.891960][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 561.891978][ C0] ? do_raw_spin_lock+0x121/0x290 [ 561.892005][ C0] kasan_save_track+0x3e/0x80 [ 561.892025][ C0] ? kasan_save_track+0x3e/0x80 [ 561.892045][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 561.892066][ C0] ? kmem_cache_alloc_noprof+0x143/0x310 [ 561.892091][ C0] ? fill_pool+0x100/0x570 [ 561.892115][ C0] ? debug_objects_fill_pool+0x107/0x120 [ 561.892144][ C0] ? debug_object_activate+0x6c/0x3a0 [ 561.892167][ C0] ? call_rcu+0xaa/0x9c0 [ 561.892182][ C0] ? skb_release_head_state+0x71/0x250 [ 561.892198][ C0] ? consume_skb+0x60/0xf0 [ 561.892224][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 561.892244][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 561.892263][ C0] ? nft_do_chain+0x40c/0x1920 [ 561.892280][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 561.892298][ C0] ? nf_hook_slow+0xc2/0x220 [ 561.892323][ C0] ? NF_HOOK+0x206/0x3a0 [ 561.892346][ C0] ? NF_HOOK+0x30c/0x3a0 [ 561.892369][ C0] ? __netif_receive_skb+0x143/0x380 [ 561.892391][ C0] ? process_backlog+0x31e/0x900 [ 561.892415][ C0] ? __napi_poll+0xb3/0x540 [ 561.892435][ C0] ? net_rx_action+0x707/0xe00 [ 561.892458][ C0] ? handle_softirqs+0x22c/0x710 [ 561.892480][ C0] ? run_ktimerd+0xcf/0x190 [ 561.892503][ C0] ? smpboot_thread_fn+0x542/0xa60 [ 561.892525][ C0] ? kthread+0x711/0x8a0 [ 561.892567][ C0] ? fill_pool+0x100/0x570 [ 561.892592][ C0] __kasan_slab_alloc+0x6c/0x80 [ 561.892614][ C0] ? fill_pool+0x100/0x570 [ 561.892638][ C0] kmem_cache_alloc_noprof+0x143/0x310 [ 561.892666][ C0] fill_pool+0x100/0x570 [ 561.892691][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 561.892716][ C0] ? __pfx_fill_pool+0x10/0x10 [ 561.892743][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 561.892767][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 561.892792][ C0] debug_objects_fill_pool+0x107/0x120 [ 561.892817][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 561.892848][ C0] debug_object_activate+0x6c/0x3a0 [ 561.892877][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 561.892898][ C0] call_rcu+0xaa/0x9c0 [ 561.892919][ C0] ? rcuref_put+0x1b7/0x210 [ 561.892937][ C0] ? __pfx_call_rcu+0x10/0x10 [ 561.892954][ C0] ? percpu_counter_add_batch+0xea/0x1e0 [ 561.892982][ C0] ? dst_release+0x126/0x1b0 [ 561.893002][ C0] skb_release_head_state+0x71/0x250 [ 561.893020][ C0] consume_skb+0x60/0xf0 [ 561.893047][ C0] nft_synproxy_eval_v4+0x376/0x560 [ 561.893071][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 561.893092][ C0] ? nf_ip_checksum+0x13c/0x510 [ 561.893113][ C0] nft_synproxy_do_eval+0x345/0x570 [ 561.893145][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 561.893165][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 561.893196][ C0] nft_do_chain+0x40c/0x1920 [ 561.893221][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 561.893260][ C0] nft_do_chain_inet+0x25d/0x340 [ 561.893279][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 561.893297][ C0] ? __lock_acquire+0xab9/0xd20 [ 561.893327][ C0] ? NF_HOOK+0x9a/0x3a0 [ 561.893351][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 561.893371][ C0] nf_hook_slow+0xc2/0x220 [ 561.893399][ C0] NF_HOOK+0x206/0x3a0 [ 561.893425][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 561.893452][ C0] ? NF_HOOK+0x9a/0x3a0 [ 561.893475][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 561.893499][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 561.893527][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 561.893554][ C0] ? skb_dst+0x4f/0xd0 [ 561.893580][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 561.893606][ C0] NF_HOOK+0x30c/0x3a0 [ 561.893632][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 561.893657][ C0] ? NF_HOOK+0x9a/0x3a0 [ 561.893681][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 561.893707][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 561.893738][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 561.893762][ C0] __netif_receive_skb+0x143/0x380 [ 561.893784][ C0] ? rt_spin_unlock+0x65/0x80 [ 561.893810][ C0] ? process_backlog+0x27b/0x900 [ 561.893834][ C0] process_backlog+0x31e/0x900 [ 561.893865][ C0] __napi_poll+0xb3/0x540 [ 561.893891][ C0] net_rx_action+0x707/0xe00 [ 561.893925][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 561.893968][ C0] handle_softirqs+0x22c/0x710 [ 561.893996][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 561.894024][ C0] run_ktimerd+0xcf/0x190 [ 561.894049][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 561.894073][ C0] ? schedule+0x91/0x360 [ 561.894103][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 561.894124][ C0] smpboot_thread_fn+0x542/0xa60 [ 561.894153][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 561.894181][ C0] kthread+0x711/0x8a0 [ 561.894209][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 561.894232][ C0] ? __pfx_kthread+0x10/0x10 [ 561.894261][ C0] ? __pfx_kthread+0x10/0x10 [ 561.894289][ C0] ret_from_fork+0x436/0x7d0 [ 561.894313][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 561.894340][ C0] ? __switch_to_asm+0x39/0x70 [ 561.894357][ C0] ? __switch_to_asm+0x33/0x70 [ 561.894373][ C0] ? __pfx_kthread+0x10/0x10 [ 561.894400][ C0] ret_from_fork_asm+0x1a/0x30 [ 561.894426][ C0] [ 562.078208][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 562.078232][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 562.078256][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 562.078270][ T38] Call Trace: [ 562.078280][ T38] [ 562.078290][ T38] dump_stack_lvl+0x99/0x250 [ 562.078327][ T38] ? __asan_memcpy+0x40/0x70 [ 562.078352][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 562.078385][ T38] ? __pfx__printk+0x10/0x10 [ 562.078423][ T38] vpanic+0x281/0x750 [ 562.078458][ T38] ? __pfx_vpanic+0x10/0x10 [ 562.078490][ T38] ? preempt_schedule+0xae/0xc0 [ 562.078525][ T38] ? preempt_schedule_common+0x83/0xd0 [ 562.078564][ T38] panic+0xb9/0xc0 [ 562.078595][ T38] ? __pfx_panic+0x10/0x10 [ 562.078629][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 562.078661][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 562.078694][ T38] watchdog+0xfd2/0xfe0 [ 562.078729][ T38] ? watchdog+0x1de/0xfe0 [ 562.078764][ T38] kthread+0x711/0x8a0 [ 562.078801][ T38] ? __pfx_watchdog+0x10/0x10 [ 562.078829][ T38] ? __pfx_kthread+0x10/0x10 [ 562.078874][ T38] ? __pfx_kthread+0x10/0x10 [ 562.078909][ T38] ret_from_fork+0x436/0x7d0 [ 562.078941][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 562.078977][ T38] ? __switch_to_asm+0x39/0x70 [ 562.078997][ T38] ? __switch_to_asm+0x33/0x70 [ 562.079016][ T38] ? __pfx_kthread+0x10/0x10 [ 562.079051][ T38] ret_from_fork_asm+0x1a/0x30 [ 562.079089][ T38] [ 562.079419][ T38] Kernel Offset: disabled