last executing test programs: 1m0.383740426s ago: executing program 1 (id=4382): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x2}) 59.556842681s ago: executing program 1 (id=4391): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2}, 0x10) socket$l2tp6(0xa, 0x2, 0x73) 59.338173206s ago: executing program 1 (id=4392): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000380)='/dev/loop#\x00', 0x5) r1 = fanotify_init(0x200, 0x0) fanotify_mark(r1, 0x101, 0x48001051, r0, 0x0) 58.73682951s ago: executing program 1 (id=4400): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x2, 0x0, 0x81, 0x10001, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2b}, @remote}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000200)={0x1, 0x0, 0x1, 0x5, @vifc_lcl_addr=@loopback, @rand_addr=0x64010302}, 0x10) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000140)={@multicast1, @multicast2, 0x0, "b200a06a95c980a6154dfb1e5c22cc42e3c374637bf5d25333abb4ddbe47fa66"}, 0x3c) 40.982258724s ago: executing program 1 (id=4400): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x2, 0x0, 0x81, 0x10001, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2b}, @remote}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000200)={0x1, 0x0, 0x1, 0x5, @vifc_lcl_addr=@loopback, @rand_addr=0x64010302}, 0x10) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000140)={@multicast1, @multicast2, 0x0, "b200a06a95c980a6154dfb1e5c22cc42e3c374637bf5d25333abb4ddbe47fa66"}, 0x3c) 24.339046686s ago: executing program 1 (id=4400): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x2, 0x0, 0x81, 0x10001, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2b}, @remote}, 0x10) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000200)={0x1, 0x0, 0x1, 0x5, @vifc_lcl_addr=@loopback, @rand_addr=0x64010302}, 0x10) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000140)={@multicast1, @multicast2, 0x0, "b200a06a95c980a6154dfb1e5c22cc42e3c374637bf5d25333abb4ddbe47fa66"}, 0x3c) 11.972864616s ago: executing program 2 (id=4757): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000020000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x10) r2 = gettid() rt_sigqueueinfo(r2, 0x21, &(0x7f0000001500)) 11.736750495s ago: executing program 2 (id=4760): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_freezer_state(r0, &(0x7f00000001c0), 0x2, 0x0) mkdirat$cgroup(r0, 0x0, 0x1ff) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) 11.527027746s ago: executing program 2 (id=4762): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x4}]}, 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000014001a80100004800c000680"], 0x34}}, 0x0) 11.249430465s ago: executing program 2 (id=4766): preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000240)=""/11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x8000}}, 0x120) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) write$UHID_INPUT2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0c000000a9"], 0xaf) 9.316288309s ago: executing program 0 (id=4778): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}}, 0x0) 7.748748549s ago: executing program 4 (id=4779): sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x3, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32, @ANYBLOB="24002d80080002000300000005000100000000000500040000000000080003"], 0x40}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000aa63d9ae50003800800"], 0x28}}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000004"], 0x24d8}], 0x1}, 0x0) 7.381928971s ago: executing program 4 (id=4782): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet_opts(r0, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000001000)=0x43aa, 0x4) sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000800), 0x62, 0x12141, 0x0) 7.156554634s ago: executing program 4 (id=4783): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88) syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb) 6.898245013s ago: executing program 3 (id=4785): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x401, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port1\x00', 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4}) dup3(r0, r1, 0x0) 6.705508235s ago: executing program 3 (id=4786): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x1e6, @time}) 6.285409932s ago: executing program 3 (id=4787): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0, 0xffffffffffffffff}, &(0x7f00000005c0), &(0x7f0000000600)=r1}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x8, &(0x7f0000000500)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000540)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222}, 0x90) 6.024567486s ago: executing program 3 (id=4788): socket$netlink(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x736d, &(0x7f0000000780)={0x0, 0xb9c3, 0x10100, 0x0, 0x1c0}, &(0x7f0000000080)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0) 5.773950618s ago: executing program 3 (id=4789): r0 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f00000000c0)={@hyper}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0), 0x1, 0x400}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b0, &(0x7f0000001100)={0x0}) 5.545260328s ago: executing program 0 (id=4790): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000000c0)={0x0, 0x0, 0x20}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000010000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 5.442227388s ago: executing program 2 (id=4791): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x60, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a7fd4531296b6353d1f3e08847"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x60}}, 0x0) 4.239795051s ago: executing program 3 (id=4792): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000780)={0x6c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC_HINT={0xa, 0xc8, @from_mac}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x1a}], @NL80211_ATTR_KEYS={0x8, 0x51, 0x0, 0x1, [{0x4}]}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_IE={0x20, 0x2a, [@ht={0x2d, 0x1a, {0x2, 0x0, 0x2, 0x0, {0x49, 0x9, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x1, 0x7, 0x2}}]}]}, 0x6c}}, 0x0) 4.19785639s ago: executing program 2 (id=4793): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x2}}}]}, 0x40}}, 0x0) 4.196982483s ago: executing program 4 (id=4794): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a9a81) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10012, r1, 0x0) ioctl$USBDEVFS_CONTROL(r0, 0x4004550d, 0x0) 4.187894471s ago: executing program 0 (id=4795): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="a538ae464632", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x1f, 0x0, 0x0, @rand_addr=0x64010101}}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 3.820774759s ago: executing program 4 (id=4796): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = landlock_create_ruleset(&(0x7f0000000080)={0x8, 0x1}, 0x10, 0x0) landlock_restrict_self(r1, 0x0) bind$inet(r0, 0x0, 0x0) 3.652013954s ago: executing program 4 (id=4797): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x7}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000040850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x27, 0x0, 0x120, 0x0, 0x0, 0x2100, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 567.351512ms ago: executing program 0 (id=4798): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000000340)=0x10) 208.789874ms ago: executing program 0 (id=4799): mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@allow_other}]}}) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') read$FUSE(r1, &(0x7f0000003180)={0x2020}, 0x2020) 0s ago: executing program 0 (id=4800): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x10000000, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, 0x54}, 0x9c) kernel console output (not intermixed with test programs): sim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.684750][ T1291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.715214][ T1291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 301.805078][ T1291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 301.837524][ T1291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.177687][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 302.738098][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.053552][T13042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3413'. [ 303.219212][ T5315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 303.302731][ T5227] Bluetooth: hci8: command tx timeout [ 303.856608][ T25] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 304.066924][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 304.123765][ T25] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 304.165276][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.184212][ T25] usb 5-1: config 0 descriptor?? [ 304.199592][ T25] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 304.257365][ T5315] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 304.393034][T13095] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 304.405988][ T12] Bluetooth: hci9: Frame reassembly failed (-84) [ 304.455015][ T5315] usb 5-1: USB disconnect, device number 30 [ 304.627173][ T8] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 304.849877][ T8] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 304.876761][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.884814][ T8] usb 1-1: Product: syz [ 304.906634][ T8] usb 1-1: Manufacturer: syz [ 304.911281][ T8] usb 1-1: SerialNumber: syz [ 304.928717][ T8] usb 1-1: config 0 descriptor?? [ 304.997481][T13118] sch_tbf: burst 8 is lower than device lo mtu (65550) ! [ 305.221449][ T9] usb 1-1: USB disconnect, device number 20 [ 305.374722][T13130] netlink: 'syz.4.3456': attribute type 4 has an invalid length. [ 305.489817][T13134] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3458'. [ 305.559963][T13136] input: syz0 as /devices/virtual/input/input35 [ 306.148129][T13154] bridge0: port 4(erspan0) entered blocking state [ 306.165345][T13154] bridge0: port 4(erspan0) entered disabled state [ 306.181369][T13154] erspan0: entered allmulticast mode [ 306.198376][T13154] erspan0: entered promiscuous mode [ 306.208493][T13154] bridge0: port 4(erspan0) entered blocking state [ 306.215093][T13154] bridge0: port 4(erspan0) entered forwarding state [ 306.416549][ T5227] Bluetooth: hci9: Opcode 0x1003 failed: -110 [ 306.506194][ T5304] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 306.542090][T13167] vlan2: entered allmulticast mode [ 306.688260][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 306.709395][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 306.739623][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 306.771465][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 306.794271][ T5304] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 306.803733][ T5304] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.822297][ T5304] usb 5-1: Product: syz [ 306.832225][ T5304] usb 5-1: Manufacturer: syz [ 306.850381][ T5304] usb 5-1: SerialNumber: syz [ 306.869488][ T5304] usb 5-1: config 0 descriptor?? [ 307.110242][ T5304] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 307.199899][T13188] netlink: 'syz.2.3483': attribute type 1 has an invalid length. [ 307.225357][T13188] netlink: 'syz.2.3483': attribute type 4 has an invalid length. [ 307.357946][ T5271] usb 5-1: USB disconnect, device number 31 [ 307.408993][T13195] hsr0: entered promiscuous mode [ 308.043857][T13216] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 308.114507][T13219] syz.1.3495 (13219): /proc/13219/oom_adj is deprecated, please use /proc/13219/oom_score_adj instead. [ 308.789357][T13243] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3508'. [ 308.808471][T13246] program syz.2.3510 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 308.826167][T13243] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3508'. [ 309.066641][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 309.278777][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.300730][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.347537][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.00 [ 309.366712][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.383145][ T9] usb 1-1: config 0 descriptor?? [ 309.838358][ T9] apple 0003:05AC:0262.001C: bogus close delimiter [ 309.866832][ T9] apple 0003:05AC:0262.001C: item 0 1 2 10 parsing failed [ 309.882627][ T9] apple 0003:05AC:0262.001C: parse failed [ 309.898933][ T9] apple 0003:05AC:0262.001C: probe with driver apple failed with error -22 [ 310.091396][ T9] usb 1-1: USB disconnect, device number 21 [ 310.795203][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 310.795228][ T29] audit: type=1326 audit(1725403314.253:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 310.887546][ T29] audit: type=1326 audit(1725403314.253:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 310.936529][ T46] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 310.955079][ T29] audit: type=1326 audit(1725403314.263:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 311.034820][ T29] audit: type=1326 audit(1725403314.263:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 311.120144][ T29] audit: type=1326 audit(1725403314.263:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13312 comm="syz.0.3541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 311.177297][ T46] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 311.215414][ T46] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 311.245263][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.277630][ T46] usb 2-1: config 0 descriptor?? [ 311.297690][ T9] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 311.307898][ T46] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 311.459064][T13336] netlink: 45 bytes leftover after parsing attributes in process `syz.2.3552'. [ 311.499447][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 311.506938][ T9] usb 1-1: New USB device found, idVendor=17cc, idProduct=0815, bcdDevice=47.b7 [ 311.517241][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.547442][ T9] usb 1-1: config 0 descriptor?? [ 311.570862][ T9] usb 1-1: selecting invalid altsetting 1 [ 311.577443][ T5315] usb 2-1: USB disconnect, device number 24 [ 311.594286][ T9] snd-usb-caiaq 1-1:0.0: can't set alt interface. [ 311.620156][ T9] usb 1-1: unable to init card! (ret=-5) [ 311.634802][ T9] snd-usb-caiaq 1-1:0.0: probe with driver snd-usb-caiaq failed with error -5 [ 311.652842][T13346] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3556'. [ 311.670837][T13346] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3556'. [ 311.814539][ T5315] usb 1-1: USB disconnect, device number 22 [ 312.213062][T13360] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3563'. [ 312.223409][T13360] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3563'. [ 312.508854][T13373] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3569'. [ 312.616745][ T46] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 312.816353][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 312.825942][ T46] usb 3-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 312.863559][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.877116][ T46] usb 3-1: Product: syz [ 312.881343][ T46] usb 3-1: Manufacturer: syz [ 312.906390][ T46] usb 3-1: SerialNumber: syz [ 312.927424][ T46] usb 3-1: config 0 descriptor?? [ 312.938416][ T46] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 313.006909][ T58] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 313.169662][ T46] gspca_sn9c2028: read1 error -32 [ 313.186554][ T46] gspca_sn9c2028: read1 error -32 [ 313.231788][ T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12592, setting to 1024 [ 313.276030][ T58] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 313.319637][ T58] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 313.354339][ T58] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 313.365695][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 313.374785][ T58] usb 5-1: SerialNumber: syz [ 313.384634][T13382] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 313.398314][ T9] usb 3-1: USB disconnect, device number 28 [ 313.425116][T13408] netlink: 16255 bytes leftover after parsing attributes in process `syz.3.3585'. [ 313.618533][ T46] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 313.648526][T13382] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 313.697687][T13416] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3589'. [ 313.816526][ T46] usb 2-1: Using ep0 maxpacket: 16 [ 313.825573][ T46] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 313.856576][ T46] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 313.877401][ T46] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 313.900677][ T46] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.916178][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.924303][ T46] usb 2-1: Product: syz [ 313.936801][ T46] usb 2-1: Manufacturer: syz [ 313.941486][ T46] usb 2-1: SerialNumber: syz [ 314.114716][ T58] cdc_ether 5-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.4-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 314.364439][ T5315] usb 5-1: USB disconnect, device number 32 [ 314.378726][ T5315] cdc_ether 5-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.4-1, Mobile Broadband Network Device [ 314.400661][ T46] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 314.770242][ T29] audit: type=1326 audit(1725403318.223:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13439 comm="syz.0.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7fc00000 [ 314.827175][ T29] audit: type=1326 audit(1725403318.223:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13439 comm="syz.0.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fbb4f77cef9 code=0x7fc00000 [ 314.899548][ T29] audit: type=1326 audit(1725403318.223:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13439 comm="syz.0.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7fc00000 [ 314.957250][T13451] netlink: 'syz.0.3604': attribute type 10 has an invalid length. [ 314.976928][ T29] audit: type=1326 audit(1725403318.223:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13439 comm="syz.0.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7fc00000 [ 315.028625][ T5304] usb 2-1: USB disconnect, device number 25 [ 315.047092][ T29] audit: type=1326 audit(1725403318.223:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13439 comm="syz.0.3600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7fc00000 [ 315.907160][ T46] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 316.031028][ T5315] usb 5-1: new full-speed USB device number 33 using dummy_hcd [ 316.103550][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 316.123566][ T46] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 316.146166][ T46] usb 3-1: config 0 has no interface number 0 [ 316.157451][ T46] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.187548][ T46] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.206369][ T46] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 316.225864][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.251272][ T46] usb 3-1: config 0 descriptor?? [ 316.257968][ T5315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 316.275806][ T5315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.306314][ T5315] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 316.315550][ T5315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.355481][ T5315] usb 5-1: config 0 descriptor?? [ 316.372163][ T5315] hub 5-1:0.0: USB hub found [ 316.585168][ T5315] hub 5-1:0.0: 1 port detected [ 316.918477][ T46] uclogic 0003:28BD:0094.001D: pen parameters not found [ 316.935310][ T46] uclogic 0003:28BD:0094.001D: interface is invalid, ignoring [ 316.949868][ T46] usb 3-1: USB disconnect, device number 29 [ 316.995590][ T5315] usb 5-1: USB disconnect, device number 33 [ 317.197467][ T25] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 317.387026][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 317.398661][ T25] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 317.416196][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.464931][ T46] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 317.465893][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.485535][ T25] usb 4-1: Product: syz [ 317.507998][ T25] usb 4-1: Manufacturer: syz [ 317.512644][ T25] usb 4-1: SerialNumber: syz [ 317.557462][ T25] usb 4-1: config 0 descriptor?? [ 317.674359][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 317.691249][ T46] usb 2-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 317.721482][ T46] usb 2-1: config 246 descriptor has 1 excess byte, ignoring [ 317.746723][ T46] usb 2-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 317.755998][ T46] usb 2-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 317.816392][ T25] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 317.825119][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 317.856619][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 317.878599][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 317.919857][ T46] usb 2-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 317.939765][ T46] usb 2-1: config 246 descriptor has 1 excess byte, ignoring [ 317.979154][ T46] usb 2-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 318.001866][ T46] usb 2-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 318.058915][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 318.084761][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 318.113630][T13542] input: syz1 as /devices/virtual/input/input36 [ 318.120434][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 318.177615][ T46] usb 2-1: config 246 has too many interfaces: 42, using maximum allowed: 32 [ 318.197699][ T46] usb 2-1: config 246 descriptor has 1 excess byte, ignoring [ 318.205200][ T46] usb 2-1: config 246 has 1 interface, different from the descriptor's value: 42 [ 318.239124][ T25] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 318.254265][ T46] usb 2-1: config 246 interface 0 altsetting 0 has an endpoint descriptor with address 0x3F, changing to 0xF [ 318.279063][ T25] usb 4-1: USB disconnect, device number 32 [ 318.293373][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 318.326838][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 318.350503][ T46] usb 2-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 318.409768][ T46] usb 2-1: string descriptor 0 read error: -22 [ 318.435815][ T46] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 318.466528][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.492222][ T46] adutux 2-1:246.0: ADU100 now attached to /dev/usb/adutux0 [ 318.586019][T13556] netlink: 210620 bytes leftover after parsing attributes in process `syz.4.3654'. [ 318.627068][T13556] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16) [ 318.895132][ T8] usb 2-1: USB disconnect, device number 26 [ 319.566416][T13587] netlink: 'syz.4.3667': attribute type 6 has an invalid length. [ 319.592199][T13587] netlink: 168 bytes leftover after parsing attributes in process `syz.4.3667'. [ 319.842176][T13597] hsr0: entered promiscuous mode [ 319.857565][T13597] macvlan3: entered allmulticast mode [ 319.863002][T13597] hsr0: entered allmulticast mode [ 319.896636][T13597] hsr_slave_0: entered allmulticast mode [ 319.917633][T13597] hsr_slave_1: entered allmulticast mode [ 319.939861][T13597] hsr0: left allmulticast mode [ 319.951057][T13597] hsr_slave_0: left allmulticast mode [ 319.968836][T13597] hsr_slave_1: left allmulticast mode [ 320.834104][T13636] bridge0: port 3(vlan0) entered blocking state [ 320.879244][T13636] bridge0: port 3(vlan0) entered disabled state [ 320.916968][T13636] vlan0: entered allmulticast mode [ 320.937740][T13636] vlan0: left allmulticast mode [ 320.996712][T13648] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3695'. [ 321.007574][ T46] kernel write not supported for file /vcs (pid: 46 comm: kworker/1:1) [ 321.201270][T13657] netlink: 'syz.3.3701': attribute type 25 has an invalid length. [ 321.246961][T13657] netlink: 'syz.3.3701': attribute type 8 has an invalid length. [ 321.290905][T13660] netlink: 'syz.4.3702': attribute type 21 has an invalid length. [ 321.322535][T13660] netlink: 'syz.4.3702': attribute type 1 has an invalid length. [ 323.095475][T13729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3732'. [ 323.880547][T13759] netlink: 236 bytes leftover after parsing attributes in process `syz.3.3746'. [ 323.913951][T13759] netlink: 'syz.3.3746': attribute type 1 has an invalid length. [ 324.343086][T13774] netem: incorrect ge model size [ 324.343232][T13774] netem: change failed [ 324.697436][T13787] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.029778][T13807] netlink: 'syz.0.3771': attribute type 1 has an invalid length. [ 325.038025][T13807] netlink: 9328 bytes leftover after parsing attributes in process `syz.0.3771'. [ 325.076517][T13807] netlink: 'syz.0.3771': attribute type 2 has an invalid length. [ 325.116151][T13807] netlink: 'syz.0.3771': attribute type 1 has an invalid length. [ 325.383156][T13824] netlink: 'syz.4.3777': attribute type 11 has an invalid length. [ 325.521193][T13827] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3779'. [ 325.600475][T13832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3781'. [ 325.941082][T13847] netlink: 'syz.3.3788': attribute type 19 has an invalid length. [ 326.194313][T13858] netlink: 340 bytes leftover after parsing attributes in process `syz.3.3794'. [ 326.365175][ T29] kauditd_printk_skb: 22 callbacks suppressed [ 326.365195][ T29] audit: type=1326 audit(1725403329.823:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13864 comm="syz.1.3796" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f168757cef9 code=0x0 [ 327.570679][ T46] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 327.756884][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 327.771949][ T46] usb 1-1: config 167 has too many interfaces: 202, using maximum allowed: 32 [ 327.790155][ T46] usb 1-1: config 167 has 1 interface, different from the descriptor's value: 202 [ 327.821148][ T46] usb 1-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29 [ 327.837289][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.855904][ T46] usb 1-1: Product: syz [ 327.865295][ T46] usb 1-1: Manufacturer: syz [ 327.874801][ T46] usb 1-1: SerialNumber: syz [ 327.895299][ T46] dvb-usb: found a 'Unknown USB1.1 DVB-T device ???? please report the name to the author' in warm state. [ 327.928255][ T46] dvb-usb: bulk message failed: -22 (3/0) [ 327.971330][ T46] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 328.001910][ T46] dvbdev: DVB: registering new adapter (Unknown USB1.1 DVB-T device ???? please report the name to the author) [ 328.044439][ T46] usb 1-1: media controller created [ 328.117456][ T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 328.202431][ T46] dvb-usb: bulk message failed: -22 (6/0) [ 328.229112][ T46] dvb-usb: no frontend was attached by 'Unknown USB1.1 DVB-T device ???? please report the name to the author' [ 328.274388][ T46] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input37 [ 328.317908][ T46] dvb-usb: schedule remote query interval to 150 msecs. [ 328.324927][ T46] dvb-usb: bulk message failed: -22 (3/0) [ 328.379639][ T46] dvb-usb: Unknown USB1.1 DVB-T device ???? please report the name to the author successfully initialized and connected. [ 328.447028][ T46] usb 1-1: USB disconnect, device number 23 [ 328.639614][ T46] dvb-usb: Unknown USB1.1 DVB-T device ???? please successfully deinitialized and disconnected. [ 329.558159][T13982] netlink: 'syz.2.3845': attribute type 10 has an invalid length. [ 329.598387][T13982] syz_tun: entered promiscuous mode [ 329.647616][T13982] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 329.866264][ T46] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 330.068149][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 330.079815][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.111279][ T46] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.141822][ T46] usb 5-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 330.175484][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.205235][ T46] usb 5-1: config 0 descriptor?? [ 330.643458][T14012] trusted_key: encrypted_key: keyword 'upw' not recognized [ 330.663528][ T46] apple 0003:05AC:0247.001E: unknown main item tag 0x0 [ 330.672201][ T46] apple 0003:05AC:0247.001E: unknown main item tag 0x0 [ 330.686235][ T46] apple 0003:05AC:0247.001E: item fetching failed at offset 2/160 [ 330.716745][ T46] apple 0003:05AC:0247.001E: parse failed [ 330.752769][ T46] apple 0003:05AC:0247.001E: probe with driver apple failed with error -22 [ 330.805788][T14018] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3861'. [ 330.934522][ T46] usb 5-1: USB disconnect, device number 34 [ 331.099445][T14029] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 331.625599][T14054] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.691573][T14058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3881'. [ 331.788942][T14060] netlink: 'syz.3.3883': attribute type 5 has an invalid length. [ 331.848674][T14063] ax25_connect(): syz.1.3882 uses autobind, please contact jreuter@yaina.de [ 332.002387][T14072] trusted_key: syz.3.3888 sent an empty control message without MSG_MORE. [ 332.067384][ T9] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 332.278906][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 332.301253][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2048, setting to 64 [ 332.338211][ T9] usb 5-1: New USB device found, idVendor=01ac, idProduct=0000, bcdDevice= 1.00 [ 332.348663][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.386989][ T9] usb 5-1: config 0 descriptor?? [ 332.474758][T14092] program syz.0.3898 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 332.628631][T14065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 332.687663][T14065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 332.743250][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 332.751980][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 332.767950][ T9] usb 5-1: USB disconnect, device number 35 [ 333.389890][ T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 333.487659][ T58] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 333.599818][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 333.624221][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.647217][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 333.677272][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.701726][ T58] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 333.721177][ T58] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.739049][ T9] usb 5-1: config 0 descriptor?? [ 333.773838][ T58] usb 4-1: config 0 has no interface number 0 [ 333.799230][ T58] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 333.830009][ T58] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 333.857291][ T9] rc_core: IR keymap rc-xbox-dvd not found [ 333.866164][ T9] Registered IR keymap rc-empty [ 333.897682][ T58] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 333.918237][ T9] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 333.931179][ T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.946139][ T58] usb 4-1: Product: syz [ 333.951006][ T58] usb 4-1: Manufacturer: syz [ 333.963283][ T9] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input38 [ 333.981900][ T58] usb 4-1: SerialNumber: syz [ 333.990425][ T58] usb 4-1: config 0 descriptor?? [ 333.995635][ T9] xbox_remote 5-1:0.0: xbox_remote_rc_open: usb_submit_urb failed! [ 334.017816][ T9] input: failed to attach handler kbd to device input38, error: -5 [ 334.122297][ T4661] xbox_remote 5-1:0.0: xbox_remote_rc_open: usb_submit_urb failed! [ 334.136501][ T9] usb 5-1: USB disconnect, device number 36 [ 334.585493][ T29] audit: type=1326 audit(1725403338.043:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14130 comm="syz.2.3916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a4157cef9 code=0x0 [ 334.651247][ T25] usb 4-1: USB disconnect, device number 33 [ 334.708666][T14133] sp0: Synchronizing with TNC [ 334.779468][T14140] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3919'. [ 335.062611][ T29] audit: type=1326 audit(1725403338.523:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14147 comm="syz.4.3924" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x0 [ 335.243772][T14157] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 335.268809][T14157] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 335.319470][T14159] netlink: 'syz.3.3928': attribute type 1 has an invalid length. [ 335.362529][T14159] netlink: 9372 bytes leftover after parsing attributes in process `syz.3.3928'. [ 335.394751][T14159] netlink: 'syz.3.3928': attribute type 1 has an invalid length. [ 335.784085][T14175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3935'. [ 335.920859][T14179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3938'. [ 336.870182][T14220] netlink: 'syz.3.3954': attribute type 4 has an invalid length. [ 336.969986][T14223] netlink: 'syz.0.3956': attribute type 2 has an invalid length. [ 337.000675][T14223] netlink: 16142 bytes leftover after parsing attributes in process `syz.0.3956'. [ 338.177295][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 338.382393][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.414224][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.459361][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 338.505949][ T9] usb 2-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 338.540550][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.580557][ T9] usb 2-1: config 0 descriptor?? [ 338.916307][ T46] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 339.054977][ T9] betop 0003:11C2:2208.001F: bogus close delimiter [ 339.082620][ T9] betop 0003:11C2:2208.001F: item 0 0 2 10 parsing failed [ 339.107690][ T9] betop 0003:11C2:2208.001F: parse failed [ 339.110206][ T46] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 339.129900][ T9] betop 0003:11C2:2208.001F: probe with driver betop failed with error -22 [ 339.150338][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.191893][ T46] usb 5-1: config 0 descriptor?? [ 339.309434][T14295] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3991'. [ 339.347330][T14295] openvswitch: netlink: Multiple metadata blocks provided [ 339.403509][ T5271] usb 2-1: USB disconnect, device number 27 [ 339.631240][ T46] [drm:udl_init] *ERROR* Selecting channel failed [ 339.664994][ T46] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 339.686178][ T46] [drm] Initialized udl on minor 2 [ 339.712665][ T46] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 339.733134][ T46] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 339.746477][ T5315] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 339.784858][ T5315] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 339.793346][ T46] usb 5-1: USB disconnect, device number 37 [ 339.813450][ T5315] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 341.640655][T14365] netlink: 'syz.3.4025': attribute type 1 has an invalid length. [ 342.783332][T14400] nvme_fabrics: missing parameter 'transport=%s' [ 342.806275][T14400] nvme_fabrics: missing parameter 'nqn=%s' [ 343.386498][ T46] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 343.576809][ T46] usb 4-1: Using ep0 maxpacket: 32 [ 343.591460][ T46] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 343.616502][ T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.653956][ T46] usb 4-1: Product: syz [ 343.673827][ T46] usb 4-1: Manufacturer: syz [ 343.683963][ T46] usb 4-1: SerialNumber: syz [ 343.708752][ T46] usb 4-1: config 0 descriptor?? [ 343.728911][ T46] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 344.321034][ T25] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 344.390065][T14459] program syz.1.4065 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 344.516272][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 344.550182][ T25] usb 3-1: config 0 has an invalid interface number: 126 but max is 0 [ 344.565996][ T46] gspca_ov534_9: reg_w failed -71 [ 344.576958][ T25] usb 3-1: config 0 has no interface number 0 [ 344.583320][ T25] usb 3-1: config 0 interface 126 has no altsetting 0 [ 344.603232][ T25] usb 3-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 344.613158][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.632115][ T25] usb 3-1: Product: syz [ 344.640898][ T25] usb 3-1: Manufacturer: syz [ 344.652565][ T25] usb 3-1: SerialNumber: syz [ 344.664218][ T25] usb 3-1: config 0 descriptor?? [ 344.927642][ T5304] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 344.987774][ T46] gspca_ov534_9: Unknown sensor 0000 [ 344.987902][ T46] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22 [ 345.009426][ T46] usb 4-1: USB disconnect, device number 34 [ 345.102518][ T25] ir_usb 3-1:0.126: required endpoints missing [ 345.126942][ T5304] usb 1-1: Using ep0 maxpacket: 8 [ 345.144076][ T5304] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 345.163560][ T25] usb 3-1: USB disconnect, device number 30 [ 345.176462][ T5304] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 345.222020][ T5304] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 345.252501][ T5304] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 345.273553][ T5304] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.306001][ T5304] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 345.340036][ T5304] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.517527][ T58] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 345.742034][ T58] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 345.767390][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.805697][ T58] usb 2-1: Product: syz [ 345.816953][ T58] usb 2-1: Manufacturer: syz [ 345.821609][ T58] usb 2-1: SerialNumber: syz [ 345.829853][ T25] usb 1-1: USB disconnect, device number 24 [ 345.869268][ T58] usb 2-1: config 0 descriptor?? [ 346.066932][ T5304] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 346.179674][ T25] usb 2-1: USB disconnect, device number 28 [ 346.268214][ T5304] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 346.281678][ T5304] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 346.296360][ T5304] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 346.313243][ T5304] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 346.326236][ T5304] usb 3-1: SerialNumber: syz [ 346.555104][ T5304] usb 3-1: 0:2 : does not exist [ 346.613521][ T5304] usb 3-1: USB disconnect, device number 31 [ 346.950311][ T9] kernel write not supported for file /sg0 (pid: 9 comm: kworker/0:1) [ 347.249885][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 347.310800][ T62] bond0: (slave bond_slave_0): interface is now down [ 347.334495][T14535] cannot load conntrack support for proto=3 [ 347.342134][ T62] bond0: (slave bond_slave_1): interface is now down [ 347.402108][ T62] bond0: now running without any active interface! [ 347.483055][T14539] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4105'. [ 347.489284][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 347.567670][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 347.633092][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0065, bcdDevice= 0.00 [ 347.667262][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.709647][ T9] usb 2-1: config 0 descriptor?? [ 347.965279][T14553] netlink: 144316 bytes leftover after parsing attributes in process `syz.4.4110'. [ 348.160363][T14527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.227133][T14527] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.273121][ T9] wacom 0003:056A:0065.0020: unknown main item tag 0x7 [ 348.295283][ T9] wacom 0003:056A:0065.0020: unknown main item tag 0x4 [ 348.316809][ T25] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 348.328399][ T9] wacom 0003:056A:0065.0020: Unknown device_type for 'HID 056a:0065'. Assuming pen. [ 348.370549][ T9] wacom 0003:056A:0065.0020: hidraw0: USB HID v0.00 Device [HID 056a:0065] on usb-dummy_hcd.1-1/input0 [ 348.408902][ T9] input: Wacom Bamboo Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0065.0020/input/input41 [ 348.527566][ T9] usb 2-1: USB disconnect, device number 29 [ 348.527940][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 348.572465][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 348.607067][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 348.647712][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 348.675209][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 348.706954][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 348.764104][ T25] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 348.787169][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 348.825069][ T25] usb 4-1: Product: syz [ 348.834913][ T25] usb 4-1: Manufacturer: syz [ 348.859684][ T25] usb 4-1: SerialNumber: syz [ 348.874566][ T25] usb 4-1: config 0 descriptor?? [ 348.923744][T14580] Sensor A: ================= START STATUS ================= [ 348.947594][T14580] Sensor A: Test Pattern: 75% Colorbar [ 348.953774][T14580] Sensor A: Show Information: All [ 348.974802][T14580] Sensor A: Vertical Flip: false [ 349.017123][T14580] Sensor A: Horizontal Flip: false [ 349.026390][T14580] Sensor A: Brightness: 128 [ 349.039876][T14580] Sensor A: Contrast: 128 [ 349.049990][T14580] Sensor A: Hue: 0 [ 349.057749][T14580] Sensor A: Saturation: 128 [ 349.067481][T14580] Sensor A: ================== END STATUS ================== [ 349.131603][ T25] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 349.146956][ T25] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5 [ 349.194348][ T25] usb 4-1: USB disconnect, device number 35 [ 349.770545][T14608] netlink: 830 bytes leftover after parsing attributes in process `syz.0.4137'. [ 349.817768][T14607] netlink: 43 bytes leftover after parsing attributes in process `syz.4.4136'. [ 350.247620][T14632] 9pnet_fd: Insufficient options for proto=fd [ 350.578812][T14649] netlink: 'syz.3.4155': attribute type 21 has an invalid length. [ 350.594516][T14649] netlink: 14548 bytes leftover after parsing attributes in process `syz.3.4155'. [ 351.737562][ T46] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 351.799640][T14698] ALSA: mixer_oss: invalid OSS volume '' [ 351.875755][T14702] bridge_slave_0: default FDB implementation only supports local addresses [ 351.957154][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 351.978854][ T46] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 352.000099][ T46] usb 1-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config [ 352.029840][ T46] usb 1-1: config 0 has no interface number 0 [ 352.056335][ T46] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 352.078925][ T46] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has an invalid bInterval 231, changing to 11 [ 352.127092][ T46] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has invalid maxpacket 25303, setting to 1024 [ 352.158572][ T46] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 352.220128][ T46] usb 1-1: config 0 interface 52 has no altsetting 0 [ 352.241400][ T46] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 352.268508][ T46] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 352.306981][ T46] usb 1-1: Product: syz [ 352.311212][ T46] usb 1-1: SerialNumber: syz [ 352.377164][ T46] usb 1-1: config 0 descriptor?? [ 352.645072][ T46] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input44 [ 353.151374][ T46] usb 1-1: USB disconnect, device number 25 [ 354.073152][T14761] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 354.183746][T14763] option changes via remount are deprecated (pid=14762 comm=syz.1.4205) [ 354.226879][T14765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4206'. [ 354.682856][T14779] netlink: 'syz.3.4213': attribute type 1 has an invalid length. [ 354.705459][T14779] netlink: 9320 bytes leftover after parsing attributes in process `syz.3.4213'. [ 354.727267][T14779] netlink: 'syz.3.4213': attribute type 1 has an invalid length. [ 354.765765][T14779] netlink: 'syz.3.4213': attribute type 2 has an invalid length. [ 355.016889][ T46] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 355.215783][ T46] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 355.241134][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.268211][ T46] usb 2-1: Product: syz [ 355.294074][ T46] usb 2-1: Manufacturer: syz [ 355.298882][ T46] usb 2-1: SerialNumber: syz [ 355.310773][ T46] usb 2-1: config 0 descriptor?? [ 355.544354][ T46] hso 2-1:0.0: Failed to find BULK IN ep [ 355.553800][ T46] usb-storage 2-1:0.0: USB Mass Storage device detected [ 355.750728][T14782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 355.806762][T14782] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 355.841729][ T25] usb 2-1: USB disconnect, device number 30 [ 356.016372][ T29] audit: type=1326 audit(1725403359.473:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 356.086021][ T29] audit: type=1326 audit(1725403359.473:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 356.146419][ T29] audit: type=1326 audit(1725403359.513:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 356.194704][ T29] audit: type=1326 audit(1725403359.513:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 356.271973][ T29] audit: type=1326 audit(1725403359.513:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14809 comm="syz.0.4225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 357.827432][T14859] program syz.3.4246 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 357.964672][T14865] vlan4: entered promiscuous mode [ 359.589634][T14917] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4272'. [ 359.700229][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 359.917320][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 359.932032][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 359.952687][ T9] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 359.982620][ T9] usb 1-1: Product: syz [ 359.993115][ T9] usb 1-1: Manufacturer: syz [ 360.007799][ T9] usb 1-1: SerialNumber: syz [ 360.029527][ T9] usb 1-1: config 0 descriptor?? [ 360.049593][ T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 360.650195][ T9] input: gspca_zc3xx as /devices/platform/dummy_hcd.0/usb1/1-1/input/input45 [ 360.862604][ T46] usb 1-1: USB disconnect, device number 26 [ 361.131184][T14954] tun0: tun_chr_ioctl cmd 1074025677 [ 361.147491][T14954] tun0: linktype set to 776 [ 361.551734][ T58] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 361.757207][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 361.767639][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 361.804536][ T58] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 361.814417][ T29] audit: type=1326 audit(1725403365.273:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 361.814476][ T29] audit: type=1326 audit(1725403365.273:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 361.815731][ T29] audit: type=1326 audit(1725403365.273:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 362.005626][ T29] audit: type=1326 audit(1725403365.353:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 362.116797][ T29] audit: type=1326 audit(1725403365.353:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 362.186386][ T29] audit: type=1326 audit(1725403365.353:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb4f77cef9 code=0x7ffc0000 [ 362.277643][ T29] audit: type=1326 audit(1725403365.363:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb4f773ea7 code=0x7ffc0000 [ 362.346362][ T29] audit: type=1326 audit(1725403365.363:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb4f718859 code=0x7ffc0000 [ 362.418114][ T29] audit: type=1326 audit(1725403365.363:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbb4f773ea7 code=0x7ffc0000 [ 362.436473][ T58] usb 2-1: string descriptor 0 read error: -71 [ 362.460412][ T58] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 362.478324][ T29] audit: type=1326 audit(1725403365.363:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14969 comm="syz.0.4297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb4f718859 code=0x7ffc0000 [ 362.480436][ T58] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.569306][ T58] usb 2-1: config 0 descriptor?? [ 362.593863][ T58] usb 2-1: can't set config #0, error -71 [ 362.620824][ T58] usb 2-1: USB disconnect, device number 31 [ 362.952907][T14998] netlink: 'syz.3.4310': attribute type 5 has an invalid length. [ 363.156660][ T8] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 363.377349][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 363.384534][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11 [ 363.400282][ T8] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 363.431510][ T8] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 363.460640][ T8] usb 1-1: New USB device found, idVendor=0001, idProduct=8000, bcdDevice= 0.00 [ 363.470885][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 363.487461][ T8] usb 1-1: SerialNumber: syz [ 363.495817][T14996] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 363.505866][ T8] hub 1-1:1.0: bad descriptor, ignoring hub [ 363.513066][ T8] hub 1-1:1.0: probe with driver hub failed with error -5 [ 363.729034][T14996] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 364.156690][T15020] netlink: 'syz.3.4321': attribute type 1 has an invalid length. [ 364.185013][T15020] netlink: 'syz.3.4321': attribute type 2 has an invalid length. [ 364.206799][T15020] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4321'. [ 364.302016][ T8] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 364.409004][ T8] usb 1-1: USB disconnect, device number 27 [ 364.419095][ T8] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device [ 364.557104][ T4614] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 364.569340][ T4614] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 364.579840][T12819] bond0: (slave syz_tun): Releasing backup interface [ 364.589593][ T4614] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 364.620210][ T4614] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 364.638567][ T4614] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 364.649775][ T4614] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 364.951964][T15038] sock: sock_timestamping_bind_phc: sock not bind to device [ 365.319489][T15025] chnl_net:caif_netlink_parms(): no params data found [ 365.688236][T15025] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.695449][T15025] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.724293][T15025] bridge_slave_0: entered allmulticast mode [ 365.757743][T15025] bridge_slave_0: entered promiscuous mode [ 365.773942][T15025] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.794638][T15025] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.816770][T15025] bridge_slave_1: entered allmulticast mode [ 365.836523][T15025] bridge_slave_1: entered promiscuous mode [ 365.935883][T15025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.996240][T15025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.037032][T15076] ebtables: ebtables: counters copy to user failed while replacing table [ 366.257461][T15025] team0: Port device team_slave_0 added [ 366.277848][T15025] team0: Port device team_slave_1 added [ 366.448388][T15025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 366.455386][T15025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.481377][ C1] vkms_vblank_simulate: vblank timer overrun [ 366.511249][T15025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 366.532465][T15025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 366.547769][T15025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.574953][T15099] program syz.0.4352 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.624012][T15025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.746931][ T4614] Bluetooth: hci8: command tx timeout [ 366.807375][T15025] hsr_slave_0: entered promiscuous mode [ 366.856127][T15025] hsr_slave_1: entered promiscuous mode [ 366.862713][T15025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 366.871051][T15025] Cannot create hsr debugfs directory [ 367.504179][T15025] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.548458][ T8] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 367.725220][T15025] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.737839][ T58] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 367.788782][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 367.801063][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 367.844636][ T8] usb 1-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 367.895340][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.897710][T15025] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.916018][ T8] usb 1-1: config 0 descriptor?? [ 367.948751][ T58] usb 5-1: Using ep0 maxpacket: 8 [ 367.955561][ T58] usb 5-1: config 0 has an invalid interface number: 207 but max is 0 [ 367.969208][ T58] usb 5-1: config 0 has no interface number 0 [ 367.990507][ T58] usb 5-1: New USB device found, idVendor=07d1, idProduct=3303, bcdDevice=f6.9d [ 368.001162][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.016121][ T58] usb 5-1: Product: syz [ 368.028909][ T58] usb 5-1: Manufacturer: syz [ 368.044007][ T58] usb 5-1: SerialNumber: syz [ 368.071189][ T58] usb 5-1: config 0 descriptor?? [ 368.090645][ T58] r8712u: register rtl8712_netdev_ops to netdev_ops [ 368.104000][T15025] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.115965][ T58] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 368.442594][T15025] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 368.466878][T15025] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 368.501923][ T58] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 368.509699][T15025] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 368.527724][ T58] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 368.535270][ T58] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 368.573427][ T5342] usb 1-1: USB disconnect, device number 28 [ 368.575291][ T58] usb 5-1: USB disconnect, device number 38 [ 368.580895][T15025] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 368.819056][ T5227] Bluetooth: hci8: command tx timeout [ 368.963117][T15025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 369.029275][T15025] 8021q: adding VLAN 0 to HW filter on device team0 [ 369.060932][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.068193][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 369.105141][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.112406][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.635446][T15025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 369.755778][T15025] veth0_vlan: entered promiscuous mode [ 369.801795][T15025] veth1_vlan: entered promiscuous mode [ 369.917503][T15025] veth0_macvtap: entered promiscuous mode [ 369.941391][T15025] veth1_macvtap: entered promiscuous mode [ 369.989644][T15184] Bluetooth: hci3: unsupported parameter 64512 [ 370.007440][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.019965][T15184] Bluetooth: hci3: invalid length 0, exp 2 for type 14 [ 370.038175][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.050551][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.083417][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.104982][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.144200][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.184778][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.215823][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.235981][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.264450][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.290190][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.304253][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.315267][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on:  [ 370.335548][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.366362][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.396183][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.426259][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.447830][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.470211][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 370.494687][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.526980][T15025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 370.584673][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.637898][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.657151][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.679784][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.704135][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.718507][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.729923][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.742484][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.768734][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.797097][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.817584][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.847429][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.867024][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.889118][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.902918][ T5227] Bluetooth: hci8: command tx timeout [ 370.926765][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.946940][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.963254][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.975362][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 370.987186][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 370.999081][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.014592][T15025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.025771][T15204] netlink: 'syz.0.4393': attribute type 13 has an invalid length. [ 371.035201][T15204] netlink: 24859 bytes leftover after parsing attributes in process `syz.0.4393'. [ 371.073837][T15025] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.120903][T15025] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.149563][T15025] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.167187][T15025] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.697680][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.930627][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.224471][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.503752][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.563150][ T1291] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.584960][ T1291] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.655915][ T4614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 372.671587][ T4614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 372.714407][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.723352][ T4614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 372.766790][ T4614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 372.778978][ T4614] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 372.787232][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.787458][ T4614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 372.977452][ T5227] Bluetooth: hci8: command tx timeout [ 373.344741][ T62] bridge_slave_1: left allmulticast mode [ 373.356720][ T62] bridge_slave_1: left promiscuous mode [ 373.362564][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.405558][ T62] bridge_slave_0: left promiscuous mode [ 373.439161][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.867434][ T58] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 374.093451][ T58] usb 1-1: Using ep0 maxpacket: 16 [ 374.115592][ T58] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.134999][ T58] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 374.185793][ T58] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 374.208783][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.239194][ T58] usb 1-1: config 0 descriptor?? [ 374.672750][ T58] usbhid 1-1:0.0: can't add hid device: -71 [ 374.699030][ T58] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 374.727382][ T58] usb 1-1: USB disconnect, device number 29 [ 374.919701][ T5227] Bluetooth: hci6: command tx timeout [ 374.978852][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.003992][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.042519][ T62] bond0 (unregistering): Released all slaves [ 375.473883][T15230] chnl_net:caif_netlink_parms(): no params data found [ 375.709400][T15290] input: syz1 as /devices/virtual/input/input47 [ 375.979459][ T62] hsr_slave_0: left promiscuous mode [ 376.012405][ T62] hsr_slave_1: left promiscuous mode [ 376.049064][ T62] batman_adv: batadv0: Interface deactivated:  [ 376.076327][ T62] batman_adv: batadv0: Removing interface:  [ 376.091499][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.119237][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 376.201723][ T62] veth1_macvtap: left promiscuous mode [ 376.216798][ T62] veth0_macvtap: left promiscuous mode [ 376.249198][ T62] veth1_vlan: left promiscuous mode [ 376.254577][ T62] veth0_vlan: left promiscuous mode [ 376.980508][ T5227] Bluetooth: hci6: command tx timeout [ 378.867669][ T62] team0 (unregistering): Port device team_slave_1 removed [ 378.899481][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.057579][ T5227] Bluetooth: hci6: command tx timeout [ 379.148804][ T62] team0 (unregistering): Port device team_slave_0 removed [ 380.809370][T15230] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.834925][T15230] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.867284][T15230] bridge_slave_0: entered allmulticast mode [ 380.883785][T15230] bridge_slave_0: entered promiscuous mode [ 380.900168][T15405] loop2: detected capacity change from 0 to 7 [ 380.912996][T15230] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.936644][T15230] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.944008][T15025] Dev loop2: unable to read RDB block 7 [ 380.958988][T15025] loop2: unable to read partition table [ 380.960497][T15230] bridge_slave_1: entered allmulticast mode [ 380.971461][T15025] loop2: partition table beyond EOD, truncated [ 380.997717][T15230] bridge_slave_1: entered promiscuous mode [ 381.008554][T15405] Dev loop2: unable to read RDB block 7 [ 381.014365][T15405] loop2: unable to read partition table [ 381.021658][T15405] loop2: partition table beyond EOD, truncated [ 381.041798][T15405] loop_reread_partitions: partition scan of loop2 (þ被—ü—ŸÑà– ) failed (rc=-5) [ 381.137220][ T5227] Bluetooth: hci6: command tx timeout [ 381.149118][T15230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.205119][T15230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 381.381681][T15230] team0: Port device team_slave_0 added [ 381.439098][T15230] team0: Port device team_slave_1 added [ 381.548153][T15230] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.555152][T15230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.642236][T15230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.679279][T15230] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.700918][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 381.700938][ T29] audit: type=1326 audit(1725403385.162:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15423 comm="syz.3.4479" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b7fd7cef9 code=0x0 [ 381.736159][T15230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.800246][T15230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.067773][T15230] hsr_slave_0: entered promiscuous mode [ 382.100369][T15230] hsr_slave_1: entered promiscuous mode [ 382.124906][T15230] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.141821][T15230] Cannot create hsr debugfs directory [ 383.033593][T15448] team_slave_0: entered allmulticast mode [ 383.413143][T15230] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 383.480346][T15230] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 383.632900][T15230] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 383.665893][T15230] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 383.839930][T15466] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 383.853583][ T29] audit: type=1326 audit(1725403387.302:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.4.4495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x7ffc0000 [ 383.891430][T15466] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 383.912408][ T29] audit: type=1326 audit(1725403387.302:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.4.4495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x7ffc0000 [ 383.973003][ T29] audit: type=1326 audit(1725403387.322:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.4.4495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f1e9ed7cef9 code=0x7ffc0000 [ 384.027506][T15230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 384.113073][ T29] audit: type=1326 audit(1725403387.322:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.4.4495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x7ffc0000 [ 384.140501][T15230] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.183103][ T2939] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.190350][ T2939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 384.203414][ T29] audit: type=1326 audit(1725403387.402:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15465 comm="syz.4.4495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x7ffc0000 [ 384.238437][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.245662][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 384.428721][T15230] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 384.456608][T15230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 384.813855][T15230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 384.945377][T15230] veth0_vlan: entered promiscuous mode [ 385.003405][T15230] veth1_vlan: entered promiscuous mode [ 385.117147][T15230] veth0_macvtap: entered promiscuous mode [ 385.141494][T15230] veth1_macvtap: entered promiscuous mode [ 385.187827][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.226475][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.266398][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.316433][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.352399][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.393322][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.438231][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.471856][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.514177][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.544201][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.586293][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.616652][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.646698][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.694552][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.726772][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.762699][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.794293][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.835580][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.858110][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.906970][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.942526][T15230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 386.004078][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.046239][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.076705][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.107093][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.126593][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.147037][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.166191][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.191286][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.211709][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.229206][ T8] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 386.234884][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.260759][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.285251][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.326030][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.358915][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.381887][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.406227][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.427733][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.442392][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 386.447641][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.447670][T15230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.447688][T15230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.449363][T15230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 386.527799][ T8] usb 5-1: config 0 has an invalid interface number: 137 but max is 0 [ 386.537248][ T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.560372][ T8] usb 5-1: config 0 has no interface number 0 [ 386.576432][ T8] usb 5-1: config 0 interface 137 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 386.628905][T15230] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.636127][ T8] usb 5-1: config 0 interface 137 altsetting 0 endpoint 0x3 has invalid maxpacket 959, setting to 64 [ 386.668883][T15230] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.677050][ T8] usb 5-1: config 0 interface 137 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 386.686685][T15230] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.716899][T15230] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.739673][ T8] usb 5-1: config 0 interface 137 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 12 [ 386.816561][ T8] usb 5-1: New USB device found, idVendor=06f8, idProduct=3009, bcdDevice=3c.93 [ 386.825949][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.849185][ T8] usb 5-1: Product: syz [ 386.856984][ T8] usb 5-1: Manufacturer: syz [ 386.867424][ T8] usb 5-1: SerialNumber: syz [ 386.885006][ T8] usb 5-1: config 0 descriptor?? [ 386.917847][ T8] gspca_main: gspca_pac7302-2.14.0 probing 06f8:3009 [ 387.334533][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.385534][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 387.475170][ T1291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.483207][ T1291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 387.669941][ T9] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 387.808538][ T8] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input48 [ 387.837625][T15537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4525'. [ 387.878897][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 387.903040][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 388.001795][ T9] usb 4-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 388.018848][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.053260][ T9] usb 4-1: Product: syz [ 388.067533][ T9] usb 4-1: Manufacturer: syz [ 388.077029][ T9] usb 4-1: SerialNumber: syz [ 388.084488][ T5273] usb 5-1: USB disconnect, device number 39 [ 388.131042][ T9] usb 4-1: config 0 descriptor?? [ 388.255589][T15544] batadv0: entered promiscuous mode [ 388.285328][T15544] batadv_slave_0: entered promiscuous mode [ 388.293612][T15544] batadv_slave_0: left promiscuous mode [ 388.303600][T15544] batadv0: left promiscuous mode [ 388.385067][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 388.477375][ T9] usb 4-1: USB disconnect, device number 36 [ 388.982413][T15561] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4535'. [ 389.155958][ T29] audit: type=1326 audit(1725403392.612:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15566 comm="syz.4.4538" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e9ed7cef9 code=0x0 [ 389.382884][ T2939] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.487468][ T5273] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 389.672832][ T2939] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.684426][ T5273] usb 1-1: Using ep0 maxpacket: 8 [ 389.708893][ T5273] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 389.730362][ T5273] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 389.781098][ T5273] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 389.801561][ T5273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.862581][ T5273] usb 1-1: Product: syz [ 389.872734][ T5273] usb 1-1: Manufacturer: syz [ 389.893065][ T5273] usb 1-1: SerialNumber: syz [ 389.911794][ T2939] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.928959][T15563] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 390.006476][ T5304] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 390.141099][ T2939] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.177613][T15563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.198541][ T5304] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 390.220049][T15563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.226754][ T5304] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 390.276869][ T5273] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 390.288081][ T5304] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 390.305949][ T5273] usb 1-1: USB disconnect, device number 30 [ 390.326178][ T5304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 390.377369][ T5304] usb 4-1: SerialNumber: syz [ 390.426633][ T25] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 390.435913][ T4614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 390.467779][ T4614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 390.479349][ T4614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 390.493870][ T4614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 390.534196][ T4614] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 390.541880][ T4614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 390.552036][ T2939] bridge_slave_1: left allmulticast mode [ 390.560166][ T2939] bridge_slave_1: left promiscuous mode [ 390.597318][ T2939] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.618780][ T2939] bridge_slave_0: left allmulticast mode [ 390.624492][ T2939] bridge_slave_0: left promiscuous mode [ 390.636625][ T2939] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.665101][ T5304] usb 4-1: 0:2 : does not exist [ 390.682747][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 390.719344][ T25] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 390.739006][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.759179][ T25] usb 3-1: Product: syz [ 390.763418][ T25] usb 3-1: Manufacturer: syz [ 390.787392][ T25] usb 3-1: SerialNumber: syz [ 390.805380][ T25] usb 3-1: config 0 descriptor?? [ 390.822160][ T25] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 391.112321][ T5304] usb 4-1: USB disconnect, device number 37 [ 391.284718][ T25] usb 3-1: clie_3_5_startup: get interface number failed: -71 [ 391.305435][ T25] visor 3-1:0.0: probe with driver visor failed with error -71 [ 391.342484][ T25] usb 3-1: USB disconnect, device number 32 [ 392.103783][ T2939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.132625][ T2939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.146833][ T2939] bond0 (unregistering): Released all slaves [ 392.175762][T15606] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4554'. [ 392.224909][T15611] sp0: Synchronizing with TNC [ 392.658507][ T5227] Bluetooth: hci6: command tx timeout [ 392.686969][ T25] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 392.868769][ T25] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 392.880564][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.907137][ T25] usb 1-1: config 0 descriptor?? [ 392.920187][ T25] radioshark 1-1:0.0: Invalid radioSHARK device [ 392.930143][ T25] radioshark 1-1:0.0: probe with driver radioshark failed with error -22 [ 392.939123][ T25] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 393.164692][ T5273] usb 1-1: USB disconnect, device number 31 [ 393.225669][ T2939] hsr_slave_0: left promiscuous mode [ 393.247563][ T2939] hsr_slave_1: left promiscuous mode [ 393.254039][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.287722][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.327921][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.335418][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.445892][ T2939] veth1_macvtap: left promiscuous mode [ 393.466241][ T2939] veth0_macvtap: left promiscuous mode [ 393.475876][ T2939] veth1_vlan: left promiscuous mode [ 393.495863][ T2939] veth0_vlan: left promiscuous mode [ 394.732962][T15658] slcan: can't register candev [ 394.736381][ T5227] Bluetooth: hci6: command tx timeout [ 394.740367][T15658] Falling back ldisc for ttyS3. [ 395.245469][ T2939] team0 (unregistering): Port device team_slave_1 removed [ 395.415716][ T2939] team0 (unregistering): Port device team_slave_0 removed [ 396.816791][ T5227] Bluetooth: hci6: command tx timeout [ 396.921457][T15681] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 397.115976][T15589] chnl_net:caif_netlink_parms(): no params data found [ 397.499807][T15695] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 397.790642][T15589] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.822992][T15589] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.849062][T15589] bridge_slave_0: entered allmulticast mode [ 397.873814][T15589] bridge_slave_0: entered promiscuous mode [ 397.908402][T15589] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.915578][T15589] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.968703][T15589] bridge_slave_1: entered allmulticast mode [ 397.999416][T15589] bridge_slave_1: entered promiscuous mode [ 398.257988][T15717] netlink: 188 bytes leftover after parsing attributes in process `syz.4.4598'. [ 398.295592][T15589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 398.333365][T15589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 398.510673][T15589] team0: Port device team_slave_0 added [ 398.532599][ T4614] Bluetooth: hci9: sending frame failed (-49) [ 398.542326][ T5227] Bluetooth: hci9: Opcode 0x1003 failed: -49 [ 398.543299][T15589] team0: Port device team_slave_1 added [ 398.792788][T15589] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.820544][T15589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.887719][T15589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 398.898613][ T5227] Bluetooth: hci6: command tx timeout [ 399.005330][T15589] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 399.032817][T15589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 399.106195][T15589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 399.260985][T15589] hsr_slave_0: entered promiscuous mode [ 399.300960][T15589] hsr_slave_1: entered promiscuous mode [ 399.326978][T15589] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 399.334599][T15589] Cannot create hsr debugfs directory [ 399.539023][ T5227] Bluetooth: hci0: command tx timeout [ 399.871211][T15764] netlink: 'syz.0.4618': attribute type 11 has an invalid length. [ 400.177347][ T8] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 400.383956][ T8] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 400.396201][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 400.442529][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 400.450979][T15783] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 400.461566][T15783] IPv6: NLM_F_CREATE should be set when creating new route [ 400.468868][T15783] IPv6: NLM_F_CREATE should be set when creating new route [ 400.487058][ T5273] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 400.503246][T15783] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 400.512349][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 400.514777][T15589] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 400.557652][T15589] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 400.565688][ T8] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 400.581237][T15589] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 400.597264][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.612869][ T8] usb 4-1: config 0 descriptor?? [ 400.619636][T15589] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 400.632830][T15768] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 400.707570][ T5273] usb 1-1: Using ep0 maxpacket: 8 [ 400.717010][ T5342] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 400.726959][ T5273] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.746172][ T5273] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.782272][ T5273] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 400.816423][ T5273] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 400.825994][ T5273] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 400.835454][T15789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4630'. [ 400.863236][T15789] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 400.875931][ T5273] usb 1-1: Manufacturer: syz [ 400.892188][ T5273] usb 1-1: SerialNumber: syz [ 400.908839][ T5342] usb 5-1: config 0 has an invalid interface number: 18 but max is 0 [ 400.923923][T15589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.941470][ T5342] usb 5-1: config 0 has no interface number 0 [ 400.969033][ T5342] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.002024][ T5342] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.030847][ T5342] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 401.032270][T15589] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.056405][ T5342] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 401.070417][ T8] plantronics 0003:047F:FFFF.0022: unknown main item tag 0xd [ 401.083537][ T5342] usb 5-1: Manufacturer: syz [ 401.088621][ T8] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving [ 401.104830][ T5342] usb 5-1: config 0 descriptor?? [ 401.117418][ T1062] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.124687][ T1062] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.139656][ T8] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 401.173073][ T2939] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.180392][ T2939] bridge0: port 2(bridge_slave_1) entered forwarding state [ 401.195389][T15791] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 401.470809][ T5304] usb 4-1: USB disconnect, device number 38 [ 401.615023][ T5342] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.18/0003:054C:03D5.0023/input/input50 [ 401.711891][ T5342] sony 0003:054C:03D5.0023: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.4-1/input18 [ 401.850065][T15589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.920755][ T5342] usb 5-1: USB disconnect, device number 40 [ 401.967446][ T5273] cdc_ncm 1-1:1.0: bind() failure [ 401.992456][ T5273] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 402.028676][T15589] veth0_vlan: entered promiscuous mode [ 402.037679][ T5273] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 402.077564][ T5273] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 402.092217][T15589] veth1_vlan: entered promiscuous mode [ 402.103577][ T5273] usb 1-1: USB disconnect, device number 32 [ 402.185371][T15589] veth0_macvtap: entered promiscuous mode [ 402.219285][T15589] veth1_macvtap: entered promiscuous mode [ 402.294569][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.321385][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.355812][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.367560][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.378086][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.390303][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.401635][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.413105][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.424496][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.464614][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.475974][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.517506][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.541098][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.554426][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.567576][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.580439][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.617028][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.632892][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.645519][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 402.675846][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.704516][T15589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 402.724306][ T29] audit: type=1400 audit(1725403406.182:401): lsm=SMACK fn=smack_inet_conn_request action=denied subject="?" object="_" requested=w pid=15818 comm="syz.0.4638" saddr=100.1.1.1 daddr=172.20.20.170 dest=20002 netif=wpan0 [ 402.794994][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.834322][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.863070][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.882837][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.906289][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.937167][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.965524][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.007720][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.032804][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.064932][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.095763][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.117074][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.155540][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.177247][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.207350][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.238080][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.267132][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.284346][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.309688][T15589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.333409][T15589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.368713][T15589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 403.411750][T15834] tun0: tun_chr_ioctl cmd 1074025673 [ 403.559244][T15589] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.587479][T15589] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.624974][T15589] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.658651][T15589] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.978135][ T1062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 403.990562][ T1062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.063064][T15850] IPVS: persistence engine module ip_vs_pe_À not found [ 404.179260][T15340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.200541][T15340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.837754][ T25] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 404.996313][ T5304] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 405.038129][ T25] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.053410][ T25] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 405.065571][ T25] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 405.075125][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.096026][ T25] usb 4-1: config 0 descriptor?? [ 405.199977][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 405.214087][ T5304] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 405.242965][ T5304] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 405.252450][ T5304] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.264093][ T5304] usb 5-1: config 0 descriptor?? [ 405.360306][ T5342] usb 4-1: USB disconnect, device number 39 [ 405.507383][ T58] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 405.692943][ T5304] cm6533_jd 0003:0D8C:0022.0024: unknown main item tag 0x0 [ 405.713213][ T58] usb 3-1: Using ep0 maxpacket: 16 [ 405.718202][ T5304] cm6533_jd 0003:0D8C:0022.0024: unknown main item tag 0x0 [ 405.732997][ T58] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 405.739678][ T5304] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0024/input/input51 [ 405.754185][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.778845][ T5304] cm6533_jd 0003:0D8C:0022.0024: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 405.781133][ T58] usb 3-1: Product: syz [ 405.817303][ T58] usb 3-1: Manufacturer: syz [ 405.821971][ T58] usb 3-1: SerialNumber: syz [ 405.849881][ T58] usb 3-1: config 0 descriptor?? [ 405.860222][ T58] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 405.896997][ T58] usb 3-1: Detected FT232H [ 406.017595][ T25] usb 5-1: USB disconnect, device number 41 [ 406.116348][ T58] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 406.168252][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.511004][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.543923][ T58] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 406.738749][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.821207][ T58] usb 3-1: USB disconnect, device number 33 [ 406.844682][ T58] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 406.873983][ T58] ftdi_sio 3-1:0.0: device disconnected [ 406.991409][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.138820][ T4614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 407.159245][ T4614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 407.170885][ T4614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 407.188093][ T4614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 407.195873][ T4614] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 407.229010][ T4614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 407.273600][ T11] bridge_slave_1: left allmulticast mode [ 407.280959][ T11] bridge_slave_1: left promiscuous mode [ 407.287006][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.310569][ T11] bridge_slave_0: left allmulticast mode [ 407.317446][ T11] bridge_slave_0: left promiscuous mode [ 407.323243][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.792198][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 408.812350][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 408.829085][ T11] bond0 (unregistering): Released all slaves [ 408.873720][T15918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4679'. [ 408.899310][T15918] macvtap0: entered promiscuous mode [ 408.931874][T15918] macvtap0: left promiscuous mode [ 409.152761][T15936] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 409.167281][T15936] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 409.299124][ T5227] Bluetooth: hci6: command tx timeout [ 409.867801][ T11] hsr_slave_0: left promiscuous mode [ 409.876849][ T11] hsr_slave_1: left promiscuous mode [ 409.937926][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 409.945427][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.007986][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 410.015466][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.127318][ T11] veth1_macvtap: left promiscuous mode [ 410.137429][ T11] veth0_macvtap: left promiscuous mode [ 410.143125][ T11] veth1_vlan: left promiscuous mode [ 410.166277][ T11] veth0_vlan: left promiscuous mode [ 410.397504][ T8] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 410.595608][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 410.610628][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.657007][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.677340][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 410.717109][ T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 410.748078][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.800209][ T8] usb 5-1: config 0 descriptor?? [ 411.251853][ T8] HID 045e:07da: Invalid code 65791 type 1 [ 411.271815][ T8] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0025/input/input52 [ 411.327596][ T8] microsoft 0003:045E:07DA.0025: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 411.376428][ T5227] Bluetooth: hci6: command tx timeout [ 411.550070][ T5315] usb 5-1: USB disconnect, device number 42 [ 412.120324][ T11] team0 (unregistering): Port device team_slave_1 removed [ 412.252460][ T11] team0 (unregistering): Port device team_slave_0 removed [ 412.737859][ T5273] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 412.949991][ T5273] usb 5-1: Using ep0 maxpacket: 8 [ 412.958839][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 412.970250][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 26056, setting to 1024 [ 412.993250][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 413.016314][ T5273] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 413.037044][ T5273] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 413.047546][ T5273] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 413.057420][ T5273] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8d.58 [ 413.068505][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.079746][ T5273] usb 5-1: config 0 descriptor?? [ 413.085548][T15987] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 413.140421][ T5227] Bluetooth: hci9: urb ffff88802827c700 submission failed (90) [ 413.341709][ T5273] usb 5-1: USB disconnect, device number 43 [ 413.465832][ T5227] Bluetooth: hci6: command tx timeout [ 413.545414][T15981] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4705'. [ 414.082133][T15908] chnl_net:caif_netlink_parms(): no params data found [ 414.378844][T15908] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.386134][T15908] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.393428][T15908] bridge_slave_0: entered allmulticast mode [ 414.418489][T15908] bridge_slave_0: entered promiscuous mode [ 414.430282][T15908] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.439363][T15908] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.448602][T15908] bridge_slave_1: entered allmulticast mode [ 414.456022][T15908] bridge_slave_1: entered promiscuous mode [ 414.571453][T15908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.640061][T15908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 414.841753][T15908] team0: Port device team_slave_0 added [ 414.879326][T15908] team0: Port device team_slave_1 added [ 414.985033][T16024] netlink: 'syz.4.4719': attribute type 3 has an invalid length. [ 415.013463][T16024] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.4719'. [ 415.079852][T15908] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 415.107320][T15908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.152988][T16031] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 415.196812][T16031] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 415.207329][T15908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 415.258533][T15908] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 415.272520][T15908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.321694][T15908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 415.511575][T15908] hsr_slave_0: entered promiscuous mode [ 415.528799][T15908] hsr_slave_1: entered promiscuous mode [ 415.536943][ T5227] Bluetooth: hci6: command tx timeout [ 415.575113][T15908] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 415.602476][T15908] Cannot create hsr debugfs directory [ 415.717455][T16047] netlink: 184 bytes leftover after parsing attributes in process `syz.4.4730'. [ 416.247238][ T5273] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 416.459339][ T5273] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.497742][ T5273] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.530497][ T5273] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 416.569645][ T5273] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 416.627845][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.661980][ T5273] usb 4-1: config 0 descriptor?? [ 416.665012][T15908] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 416.729040][T15908] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 416.788165][T15908] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 416.845092][T15908] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 417.105958][ T5273] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 417.145068][ T5273] plantronics 0003:047F:FFFF.0026: unknown main item tag 0x0 [ 417.193852][ T5273] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving [ 417.234766][ T5273] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 417.243255][T15908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 417.344625][T15908] 8021q: adding VLAN 0 to HW filter on device team0 [ 417.387462][ T1302] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.394688][ T1302] bridge0: port 1(bridge_slave_0) entered forwarding state [ 417.513919][ T5315] usb 4-1: USB disconnect, device number 40 [ 417.544994][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.552239][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 417.739577][T15908] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 418.233370][T16106] vivid-002: ================= START STATUS ================= [ 418.268625][T16106] vivid-002: Radio HW Seek Mode: Bounded [ 418.299035][T16106] vivid-002: Radio Programmable HW Seek: false [ 418.305308][T16106] vivid-002: RDS Rx I/O Mode: Block I/O [ 418.342828][T15908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.367002][T16106] vivid-002: Generate RBDS Instead of RDS: false [ 418.373460][T16106] vivid-002: RDS Reception: true [ 418.431066][T16106] vivid-002: RDS Program Type: 0 inactive [ 418.472724][T16106] vivid-002: RDS PS Name: inactive [ 418.512092][T16106] vivid-002: RDS Radio Text: inactive [ 418.530408][T15908] veth0_vlan: entered promiscuous mode [ 418.536026][T16106] vivid-002: RDS Traffic Announcement: false inactive [ 418.563327][T16106] vivid-002: RDS Traffic Program: false inactive [ 418.586794][T16106] vivid-002: RDS Music: false inactive [ 418.598690][T15908] veth1_vlan: entered promiscuous mode [ 418.615635][T16106] vivid-002: ================== END STATUS ================== [ 418.751220][T15908] veth0_macvtap: entered promiscuous mode [ 418.803005][T15908] veth1_macvtap: entered promiscuous mode [ 418.863205][T16125] netlink: 'syz.2.4762': attribute type 3 has an invalid length. [ 418.899715][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.928389][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.948773][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 418.988007][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.033409][ T5315] IPVS: starting estimator thread 0... [ 419.048164][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.067997][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.078193][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.089483][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.102546][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.110497][ T8] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0 [ 419.119489][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.149077][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.156142][ T8] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0 [ 419.160904][T16134] IPVS: using max 19 ests per chain, 45600 per kthread [ 419.180724][ T8] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0 [ 419.186795][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.198353][ T8] hid-generic 0000:0000:0000.0027: unknown main item tag 0x0 [ 419.221705][ T8] hid-generic 0000:0000:0000.0027: hidraw0: HID v0.00 Device [syz0] on syz0 [ 419.226373][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.252992][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.263225][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.274252][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.285966][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.297013][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.307911][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 419.320552][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.333386][T15908] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 419.346504][T16130] tipc: Started in network mode [ 419.367219][T16130] tipc: Node identity ac1414aa, cluster identity 4711 [ 419.397297][ T5273] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 419.407646][T16130] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 419.429361][T16130] tipc: Enabled bearer , priority 10 [ 419.462385][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.497170][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.537996][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.549644][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 419.556106][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.585287][ T5273] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 419.615373][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.627227][ T5273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.635260][ T5273] usb 3-1: Product: syz [ 419.646727][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.667094][ T5273] usb 3-1: Manufacturer: syz [ 419.671876][ T5273] usb 3-1: SerialNumber: syz [ 419.687371][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.688096][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 419.719023][ T5273] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 419.727773][T16144] netlink: 'syz.3.4771': attribute type 20 has an invalid length. [ 419.751104][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.789443][ T8] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 419.806438][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.826365][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 419.841818][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.874035][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.896244][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.918163][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 419.956330][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 419.967125][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 419.994528][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.016352][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.065279][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.097116][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.107403][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 420.135189][T15908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 420.152639][T15908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 420.198856][T15908] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 420.227829][T16148] netlink: 'syz.4.4773': attribute type 2 has an invalid length. [ 420.246266][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 420.265440][T15908] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.290133][T16148] netlink: 'syz.4.4773': attribute type 1 has an invalid length. [ 420.317381][T15908] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.336465][T16148] netlink: 181400 bytes leftover after parsing attributes in process `syz.4.4773'. [ 420.366433][T15908] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.387018][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 420.408199][T15908] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.529460][ T5304] tipc: Node number set to 2886997162 [ 420.666349][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 420.936504][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 422.616836][T16161] netlink: 'syz.4.4779': attribute type 1 has an invalid length. [ 422.655568][T16161] netlink: 9116 bytes leftover after parsing attributes in process `syz.4.4779'. [ 422.686529][T16161] netlink: 'syz.4.4779': attribute type 2 has an invalid length. [ 422.705831][T16161] netlink: 185 bytes leftover after parsing attributes in process `syz.4.4779'. [ 424.576229][ C1] net_ratelimit: 3 callbacks suppressed [ 424.576255][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 424.833703][T16187] netlink: 'syz.0.4790': attribute type 3 has an invalid length. [ 425.616798][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 426.227159][T16196] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 426.656304][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 427.696238][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 428.736236][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 429.593388][T16194] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4793'. [ 429.718192][ T8] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 429.776259][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 430.816282][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 431.856286][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 432.896304][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 433.937368][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 434.976284][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 436.016302][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 437.056368][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 437.820284][ T4614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 437.823104][ T4614] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 437.824206][ T4614] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 437.826431][ T4614] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 437.827199][ T4614] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 437.827579][ T4614] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 437.889744][ T5227] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 437.907059][ T5227] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 437.911034][ T5227] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 437.912179][ T5227] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 437.912960][ T5227] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 437.913328][ T5227] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 438.096255][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 438.366815][ T5227] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 438.370887][ T5227] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 438.372025][ T5227] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 438.373863][ T5227] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 438.374582][ T5227] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 438.374938][ T5227] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 439.136335][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 439.857166][ T4614] Bluetooth: hci3: command tx timeout [ 440.016715][ T4614] Bluetooth: hci4: command tx timeout [ 440.176282][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 440.409442][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.423635][ T4614] Bluetooth: hci9: command tx timeout [ 441.216525][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 441.388185][ T5227] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 441.392867][ T5227] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 441.394005][ T5227] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 441.395928][ T5227] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 441.397029][ T5227] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 441.397406][ T5227] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 441.936347][ T5227] Bluetooth: hci3: command tx timeout [ 442.096668][ T5227] Bluetooth: hci4: command tx timeout [ 442.256698][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 442.497474][ T5227] Bluetooth: hci9: command tx timeout [ 443.296695][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 443.457113][ T5227] Bluetooth: hci10: command tx timeout [ 444.016405][ T5227] Bluetooth: hci3: command tx timeout [ 444.177298][ T5227] Bluetooth: hci4: command tx timeout [ 444.336412][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 444.586121][ T5227] Bluetooth: hci9: command tx timeout [ 445.377280][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 445.536921][ T5227] Bluetooth: hci10: command tx timeout [ 446.097059][ T5227] Bluetooth: hci3: command tx timeout [ 446.256904][ T5227] Bluetooth: hci4: command tx timeout [ 446.416383][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 446.656782][ T5227] Bluetooth: hci9: command tx timeout [ 447.456305][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 447.616394][ T5227] Bluetooth: hci10: command tx timeout [ 448.496286][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 449.536449][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 449.696405][ T5227] Bluetooth: hci10: command tx timeout [ 450.577035][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 451.616418][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 452.656461][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 453.696465][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 454.736426][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 455.776424][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 456.337311][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 2660 jiffies s: 21377 root: 0x1/. [ 456.337364][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 456.337380][ T19] Sending NMI from CPU 1 to CPUs 0: [ 456.337418][ C0] NMI backtrace for cpu 0 [ 456.337442][ C0] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 456.337462][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 456.337473][ C0] Workqueue: events request_firmware_work_func [ 456.337501][ C0] RIP: 0010:unwind_next_frame+0x674/0x2a00 [ 456.337552][ C0] Code: 48 8b 6c 24 08 48 c7 c0 60 31 04 90 48 29 c3 48 c7 c1 88 22 77 90 48 c1 fb 02 4c 8d 3c 5b 4d 01 ff 49 01 cf 0f 84 82 00 00 00 <49> 89 ee e8 94 5e 52 00 49 8d 6f 04 49 8d 5f 05 48 89 e8 48 c1 e8 [ 456.337566][ C0] RSP: 0018:ffffc90000006ee8 EFLAGS: 00000082 [ 456.337578][ C0] RAX: ffffffff81412c9e RBX: 0000000000000000 RCX: ffffffff911c27c8 [ 456.337589][ C0] RDX: 0000000000010100 RSI: ffffffff8baa8a39 RDI: ffffffff8baa8968 [ 456.337601][ C0] RBP: 1ffff92000000df8 R08: ffffffff81412c60 R09: ffffc900000070b0 [ 456.337612][ C0] R10: 0000000000000003 R11: ffffffff817f2f30 R12: ffffffff907234e0 [ 456.337623][ C0] R13: dffffc0000000000 R14: ffffffff8baa8a39 R15: ffffffff911c27c8 [ 456.337635][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 456.337648][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 456.337659][ C0] CR2: 0000001b2ec17ff8 CR3: 000000000e534000 CR4: 00000000003506f0 [ 456.337673][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 456.337682][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 456.337691][ C0] Call Trace: [ 456.337697][ C0] [ 456.337704][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 456.337726][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 456.337749][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 456.337768][ C0] ? nmi_handle+0x2a/0x5a0 [ 456.337791][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 456.337810][ C0] ? nmi_handle+0x14f/0x5a0 [ 456.337825][ C0] ? nmi_handle+0x2a/0x5a0 [ 456.337841][ C0] ? unwind_next_frame+0x674/0x2a00 [ 456.337862][ C0] ? default_do_nmi+0x63/0x160 [ 456.337882][ C0] ? exc_nmi+0x123/0x1f0 [ 456.337902][ C0] ? end_repeat_nmi+0xf/0x53 [ 456.337921][ C0] ? sprintf+0xd9/0x120 [ 456.337940][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 456.337959][ C0] ? unwind_next_frame+0x510/0x2a00 [ 456.337980][ C0] ? unwind_next_frame+0x54e/0x2a00 [ 456.338001][ C0] ? sprintf+0xd9/0x120 [ 456.338018][ C0] ? sprintf+0x8/0x120 [ 456.338036][ C0] ? unwind_next_frame+0x674/0x2a00 [ 456.338059][ C0] ? unwind_next_frame+0x674/0x2a00 [ 456.338081][ C0] ? unwind_next_frame+0x674/0x2a00 [ 456.338103][ C0] [ 456.338108][ C0] [ 456.338116][ C0] ? sprintf+0xd9/0x120 [ 456.338136][ C0] ? sprintf+0xda/0x120 [ 456.338153][ C0] ? sprintf+0xda/0x120 [ 456.338171][ C0] ? __kernel_text_address+0xd/0x40 [ 456.338186][ C0] ? sprintf+0xda/0x120 [ 456.338204][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 456.338223][ C0] arch_stack_walk+0x151/0x1b0 [ 456.338241][ C0] ? sprintf+0xda/0x120 [ 456.338262][ C0] stack_trace_save+0x118/0x1d0 [ 456.338282][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 456.338304][ C0] ? debug_check_no_obj_freed+0x561/0x580 [ 456.338320][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 456.338337][ C0] ? __pfx_lock_release+0x10/0x10 [ 456.338358][ C0] kasan_save_track+0x3f/0x80 [ 456.338374][ C0] ? kasan_save_track+0x3f/0x80 [ 456.338388][ C0] ? kasan_save_free_info+0x40/0x50 [ 456.338409][ C0] ? poison_slab_object+0xe0/0x150 [ 456.338425][ C0] ? __kasan_slab_free+0x37/0x60 [ 456.338441][ C0] ? kfree+0x149/0x360 [ 456.338458][ C0] ? dummy_timer+0x7ce/0x45a0 [ 456.338476][ C0] ? __hrtimer_run_queues+0x59b/0xd50 [ 456.338491][ C0] ? hrtimer_interrupt+0x396/0x990 [ 456.338506][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 456.338534][ C0] ? sysvec_apic_timer_interrupt+0x52/0xc0 [ 456.338560][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 456.338579][ C0] ? __sanitizer_cov_trace_const_cmp8+0x11/0x90 [ 456.338601][ C0] ? pie_calculate_probability+0x366/0x820 [ 456.338622][ C0] ? fq_pie_timer+0x26d/0x590 [ 456.338643][ C0] ? call_timer_fn+0x18e/0x650 [ 456.338664][ C0] ? __run_timer_base+0x66a/0x8e0 [ 456.338683][ C0] ? run_timer_softirq+0xb7/0x170 [ 456.338703][ C0] ? handle_softirqs+0x2c4/0x970 [ 456.338721][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 456.338738][ C0] ? irq_exit_rcu+0x9/0x30 [ 456.338756][ C0] ? sysvec_call_function_single+0xa3/0xc0 [ 456.338778][ C0] ? asm_sysvec_call_function_single+0x1a/0x20 [ 456.338797][ C0] ? __sanitizer_cov_trace_pc+0x31/0x70 [ 456.338815][ C0] ? string+0x205/0x2b0 [ 456.338832][ C0] ? vsnprintf+0x1101/0x1da0 [ 456.338850][ C0] ? sprintf+0xda/0x120 [ 456.338885][ C0] ? dummy_timer+0x7ce/0x45a0 [ 456.338901][ C0] kasan_save_free_info+0x40/0x50 [ 456.338922][ C0] poison_slab_object+0xe0/0x150 [ 456.338940][ C0] __kasan_slab_free+0x37/0x60 [ 456.338956][ C0] ? dummy_timer+0x7ce/0x45a0 [ 456.338972][ C0] kfree+0x149/0x360 [ 456.338993][ C0] dummy_timer+0x7ce/0x45a0 [ 456.339015][ C0] ? __pfx_lock_release+0x10/0x10 [ 456.339046][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 456.339070][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 456.339087][ C0] ? __pfx_lock_release+0x10/0x10 [ 456.339111][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 456.339133][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 456.339154][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 456.339172][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 456.339198][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 456.339216][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 456.339241][ C0] hrtimer_interrupt+0x396/0x990 [ 456.339269][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 456.339294][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 456.339318][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 456.339337][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x11/0x90 [ 456.339359][ C0] Code: 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 c0 d6 03 00 <65> 8b 05 70 45 70 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 57 83 [ 456.339371][ C0] RSP: 0018:ffffc90000007a98 EFLAGS: 00000246 [ 456.339384][ C0] RAX: 0000000000000100 RBX: ffff888029389300 RCX: ffff88801cabda00 [ 456.339395][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0019999999999998 [ 456.339405][ C0] RBP: 0019999999999998 R08: ffffffff89b5b7a6 R09: fffff52000000f58 [ 456.339416][ C0] R10: dffffc0000000000 R11: fffff52000000f58 R12: 00051eb851eb851e [ 456.339428][ C0] R13: 0000000000000000 R14: fffffff0a3da8872 R15: 0000000000000000 [ 456.339442][ C0] ? pie_calculate_probability+0x366/0x820 [ 456.339468][ C0] pie_calculate_probability+0x366/0x820 [ 456.339496][ C0] fq_pie_timer+0x26d/0x590 [ 456.339517][ C0] ? fq_pie_timer+0x4d/0x590 [ 456.339546][ C0] call_timer_fn+0x18e/0x650 [ 456.339569][ C0] ? call_timer_fn+0xc0/0x650 [ 456.339589][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 456.339611][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 456.339635][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 456.339657][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 456.339678][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 456.339699][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.339720][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 456.339734][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 456.339756][ C0] __run_timer_base+0x66a/0x8e0 [ 456.339783][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 456.339805][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.339830][ C0] run_timer_softirq+0xb7/0x170 [ 456.339851][ C0] handle_softirqs+0x2c4/0x970 [ 456.339872][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 456.339894][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 456.339912][ C0] ? sched_clock_cpu+0x76/0x490 [ 456.339930][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 456.339953][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 456.339972][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 456.339993][ C0] ? rcu_is_watching+0x15/0xb0 [ 456.340016][ C0] irq_exit_rcu+0x9/0x30 [ 456.340033][ C0] sysvec_call_function_single+0xa3/0xc0 [ 456.340056][ C0] [ 456.340061][ C0] [ 456.340067][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 456.340086][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x70 [ 456.340105][ C0] Code: 24 65 48 8b 0c 25 c0 d6 03 00 65 8b 15 50 4a 70 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 00 74 2c <8b> 91 f8 15 00 00 83 fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 [ 456.340117][ C0] RSP: 0018:ffffc900000d6bc8 EFLAGS: 00000246 [ 456.340129][ C0] RAX: ffffffff8baa6355 RBX: 0000000000000000 RCX: ffff88801cabda00 [ 456.340139][ C0] RDX: 0000000000000000 RSI: 0000000000000043 RDI: 0000000000000000 [ 456.340148][ C0] RBP: ffffc900000d6f6f R08: ffffffff8baa6310 R09: ffffffff8baa2964 [ 456.340159][ C0] R10: 0000000000000012 R11: ffff88801cabda00 R12: ffffc900000d6e60 [ 456.340170][ C0] R13: ffffc900000d6f6f R14: ffffc900000d6f6f R15: fffffffffffffffe [ 456.340185][ C0] ? vsnprintf+0x184/0x1da0 [ 456.340202][ C0] ? string+0x1c0/0x2b0 [ 456.340219][ C0] ? string+0x205/0x2b0 [ 456.340240][ C0] string+0x205/0x2b0 [ 456.340260][ C0] vsnprintf+0x1101/0x1da0 [ 456.340283][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 456.340307][ C0] sprintf+0xda/0x120 [ 456.340327][ C0] ? vsnprintf+0x1cc3/0x1da0 [ 456.340346][ C0] ? __pfx_sprintf+0x10/0x10 [ 456.340366][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 456.340388][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 456.340409][ C0] info_print_prefix+0x204/0x310 [ 456.340430][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 456.340455][ C0] printk_get_next_message+0x6da/0xbe0 [ 456.340478][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 456.340498][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 456.340520][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.340556][ C0] ? console_flush_all+0x3a8/0xfd0 [ 456.340576][ C0] console_flush_all+0x410/0xfd0 [ 456.340595][ C0] ? console_flush_all+0x152/0xfd0 [ 456.340618][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 456.340636][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 456.340659][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 456.340683][ C0] console_unlock+0x13b/0x4d0 [ 456.340702][ C0] ? __pfx_console_unlock+0x10/0x10 [ 456.340717][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 456.340739][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 456.340761][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 456.340787][ C0] vprintk_emit+0x5dc/0x7c0 [ 456.340803][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 456.340819][ C0] ? __pfx_snprintf+0x10/0x10 [ 456.340841][ C0] ? read_word_at_a_time+0xe/0x20 [ 456.340857][ C0] ? sized_strscpy+0x8d/0x220 [ 456.340874][ C0] dev_vprintk_emit+0x2ae/0x330 [ 456.340898][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 456.340930][ C0] dev_printk_emit+0xdd/0x120 [ 456.340954][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.340973][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 456.340996][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 456.341019][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 456.341035][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 456.341056][ C0] ? __dev_printk+0x137/0x1a0 [ 456.341076][ C0] _dev_err+0x122/0x170 [ 456.341091][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 456.341107][ C0] ? __pfx__dev_err+0x10/0x10 [ 456.341122][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 456.341140][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 456.341157][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 456.341181][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 456.341198][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 456.341220][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 456.341236][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 456.341250][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 456.341271][ C0] ? usb_free_urb+0x9f/0x120 [ 456.341287][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 456.341309][ C0] ath9k_htc_hw_init+0x34/0x80 [ 456.341325][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 456.341345][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 456.341362][ C0] request_firmware_work_func+0x1a4/0x280 [ 456.341385][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 456.341409][ C0] ? process_scheduled_works+0x945/0x1830 [ 456.341429][ C0] process_scheduled_works+0xa2c/0x1830 [ 456.341464][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 456.341488][ C0] ? assign_work+0x364/0x3d0 [ 456.341510][ C0] worker_thread+0x86d/0xd10 [ 456.341538][ C0] ? __kthread_parkme+0x169/0x1d0 [ 456.341564][ C0] ? __pfx_worker_thread+0x10/0x10 [ 456.341584][ C0] kthread+0x2f0/0x390 [ 456.341606][ C0] ? __pfx_worker_thread+0x10/0x10 [ 456.341625][ C0] ? __pfx_kthread+0x10/0x10 [ 456.341648][ C0] ret_from_fork+0x4b/0x80 [ 456.341668][ C0] ? __pfx_kthread+0x10/0x10 [ 456.341690][ C0] ret_from_fork_asm+0x1a/0x30 [ 456.341719][ C0] [ 456.816326][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 457.856317][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 458.896492][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 459.936345][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 460.976328][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 462.016329][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 463.056326][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 464.096333][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 465.136397][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 466.176253][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 467.216371][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 467.799964][ T4614] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 467.805281][ T4614] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 467.806884][ T4614] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 467.808770][ T4614] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 467.809499][ T4614] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 467.809881][ T4614] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 468.256295][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 469.296270][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 469.862770][ T4614] Bluetooth: hci11: command tx timeout [ 470.336272][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 471.376251][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 471.937153][ T4614] Bluetooth: hci11: command tx timeout [ 472.416280][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 473.456252][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 474.016400][ T4614] Bluetooth: hci11: command tx timeout [ 474.496259][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 475.536549][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 476.096520][ T4614] Bluetooth: hci11: command tx timeout [ 476.576282][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 477.616333][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 478.656308][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 479.696380][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 480.736322][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 481.776294][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 482.816295][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 483.856850][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 484.896318][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 485.936305][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 486.976246][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 488.016289][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 488.505954][ T5227] Bluetooth: hci8: command 0x0406 tx timeout [ 489.056272][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 490.096259][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 491.136339][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 492.176449][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 493.216290][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 494.256260][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 495.296254][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 496.336299][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 497.376271][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 497.627239][T16234] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 497.636562][T16234] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 497.637938][T16234] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 497.640761][T16234] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 497.641507][T16234] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 497.641883][T16234] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 498.237736][T16237] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 498.243021][T16237] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 498.244129][T16237] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 498.245967][T16237] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 498.249429][T16237] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 498.249806][T16237] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 498.416258][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 498.677531][T16239] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 498.681139][T16239] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 498.682328][T16239] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 498.684171][T16239] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 498.684852][T16239] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 498.685960][T16239] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 499.456267][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 500.496552][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 501.536286][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 501.790879][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.995812][T16243] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 502.000246][T16243] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 502.001333][T16243] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 502.002455][T16243] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 502.003166][T16243] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 502.003531][T16243] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 502.576268][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 503.616282][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 504.656278][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 505.696320][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 506.736299][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 507.776316][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 508.816667][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 509.856572][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 510.896246][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 511.937165][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 512.976261][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 514.016248][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 515.056257][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 516.096254][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 517.139235][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 518.176267][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 519.216248][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 520.256248][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 521.296263][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 522.336257][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 523.376250][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 524.416245][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 525.458141][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 526.496290][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 527.536256][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 528.478406][T16247] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 528.483194][T16247] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 528.484330][T16247] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 528.486830][T16247] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 528.487555][T16247] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 528.487914][T16247] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 528.576256][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 529.616270][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 530.656409][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 531.696363][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 532.736359][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 533.776496][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 534.816641][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 535.856348][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 536.356521][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 536.356556][ C0] rcu: 0-....: (10332 ticks this GP) idle=c9f4/1/0x4000000000000000 softirq=42690/42717 fqs=5234 [ 536.357530][ C0] rcu: hardirqs softirqs csw/system [ 536.357543][ C0] rcu: number: 15 114 0 [ 536.357558][ C0] rcu: cputime: 50961 1442 4218 ==> 52490(ms) [ 536.357582][ C0] rcu: (t=10500 jiffies g=67481 q=2448 ncpus=2) [ 536.357604][ C0] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 536.357626][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 536.357640][ C0] Workqueue: events request_firmware_work_func [ 536.357675][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x90 [ 536.357704][ C0] Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 c0 d6 03 00 65 8b 05 70 45 [ 536.357721][ C0] RSP: 0018:ffffc90000007a98 EFLAGS: 00000246 [ 536.357740][ C0] RAX: 0000000000000100 RBX: ffff888031723b00 RCX: ffff88801cabda00 [ 536.357756][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0019999999999998 [ 536.357770][ C0] RBP: 0019999999999998 R08: ffffffff89b5b79b R09: fffff52000000f58 [ 536.357786][ C0] R10: dffffc0000000000 R11: fffff52000000f58 R12: 00051eb851eb851e [ 536.357801][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 536.357814][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 536.357831][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 536.357845][ C0] CR2: 0000001b2ec17ff8 CR3: 000000000e534000 CR4: 00000000003506f0 [ 536.357863][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 536.357876][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 536.357889][ C0] Call Trace: [ 536.357897][ C0] [ 536.357907][ C0] ? rcu_dump_cpu_stacks+0x28a/0x440 [ 536.357942][ C0] ? print_cpu_stall+0x2e0/0x5a0 [ 536.357969][ C0] ? rcu_sched_clock_irq+0xa1d/0x10d0 [ 536.358008][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 536.358037][ C0] ? hrtimer_run_queues+0x16c/0x460 [ 536.358059][ C0] ? acct_account_cputime+0x207/0x210 [ 536.358089][ C0] ? update_process_times+0x1ce/0x230 [ 536.358117][ C0] ? tick_nohz_handler+0x37c/0x500 [ 536.358144][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 536.358168][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 536.358208][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 536.358233][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 536.358267][ C0] ? hrtimer_interrupt+0x396/0x990 [ 536.358312][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 536.358344][ C0] ? sysvec_apic_timer_interrupt+0x52/0xc0 [ 536.358373][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 536.358405][ C0] ? pie_calculate_probability+0x35b/0x820 [ 536.358442][ C0] ? __pfx___sanitizer_cov_trace_const_cmp8+0x10/0x10 [ 536.358472][ C0] pie_calculate_probability+0x366/0x820 [ 536.358513][ C0] fq_pie_timer+0x26d/0x590 [ 536.358542][ C0] ? fq_pie_timer+0x4d/0x590 [ 536.358578][ C0] call_timer_fn+0x18e/0x650 [ 536.358606][ C0] ? call_timer_fn+0xc0/0x650 [ 536.358632][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 536.358658][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 536.358688][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 536.358715][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 536.358742][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 536.358767][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.358794][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 536.358813][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 536.358841][ C0] __run_timer_base+0x66a/0x8e0 [ 536.358880][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 536.358924][ C0] run_timer_softirq+0xb7/0x170 [ 536.358951][ C0] handle_softirqs+0x2c4/0x970 [ 536.358981][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 536.359010][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 536.359039][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 536.359069][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 536.359093][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 536.359127][ C0] irq_exit_rcu+0x9/0x30 [ 536.359149][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 536.359177][ C0] [ 536.359185][ C0] [ 536.359194][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 536.359218][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70 [ 536.359243][ C0] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d6 03 00 65 8b 15 50 4a 70 7e <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 [ 536.359258][ C0] RSP: 0018:ffffc900000d6bc8 EFLAGS: 00000297 [ 536.359276][ C0] RAX: ffffffff8baa6324 RBX: 0000000000000004 RCX: ffff88801cabda00 [ 536.359291][ C0] RDX: 0000000000000001 RSI: 0000000000000037 RDI: 0000000000000000 [ 536.359304][ C0] RBP: 0000000000000037 R08: ffffffff8baa6310 R09: ffffffff8baa2964 [ 536.359318][ C0] R10: 0000000000000012 R11: ffff88801cabda00 R12: ffffc900000d6e60 [ 536.359333][ C0] R13: ffffc900000d6f73 R14: ffffc900000d6f6f R15: fffffffffffffffe [ 536.359355][ C0] ? vsnprintf+0x184/0x1da0 [ 536.359377][ C0] ? string+0x1c0/0x2b0 [ 536.359397][ C0] ? string+0x1d4/0x2b0 [ 536.359432][ C0] string+0x1d4/0x2b0 [ 536.359460][ C0] vsnprintf+0x1101/0x1da0 [ 536.359493][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 536.359528][ C0] sprintf+0xda/0x120 [ 536.359554][ C0] ? vsnprintf+0x1cc3/0x1da0 [ 536.359578][ C0] ? __pfx_sprintf+0x10/0x10 [ 536.359605][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 536.359632][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 536.359662][ C0] info_print_prefix+0x204/0x310 [ 536.359688][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 536.359724][ C0] printk_get_next_message+0x6da/0xbe0 [ 536.359756][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 536.359802][ C0] ? __pfx_lock_release+0x10/0x10 [ 536.359826][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 536.359861][ C0] ? console_flush_all+0x3a8/0xfd0 [ 536.359887][ C0] console_flush_all+0x410/0xfd0 [ 536.359915][ C0] ? console_flush_all+0x152/0xfd0 [ 536.359948][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 536.359974][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 536.360003][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 536.360037][ C0] console_unlock+0x13b/0x4d0 [ 536.360063][ C0] ? __pfx_console_unlock+0x10/0x10 [ 536.360082][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 536.360110][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 536.360138][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 536.360175][ C0] vprintk_emit+0x5dc/0x7c0 [ 536.360198][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 536.360219][ C0] ? __pfx_snprintf+0x10/0x10 [ 536.360249][ C0] ? read_word_at_a_time+0xe/0x20 [ 536.360269][ C0] ? sized_strscpy+0x8d/0x220 [ 536.360294][ C0] dev_vprintk_emit+0x2ae/0x330 [ 536.360325][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 536.360371][ C0] dev_printk_emit+0xdd/0x120 [ 536.360403][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 536.360431][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 536.360461][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 536.360491][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 536.360512][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 536.360539][ C0] ? __dev_printk+0x137/0x1a0 [ 536.360563][ C0] _dev_err+0x122/0x170 [ 536.360585][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 536.360606][ C0] ? __pfx__dev_err+0x10/0x10 [ 536.360625][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 536.360650][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 536.360672][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 536.360705][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 536.360728][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 536.360761][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 536.360782][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 536.360800][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 536.360831][ C0] ? usb_free_urb+0x9f/0x120 [ 536.360851][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 536.360881][ C0] ath9k_htc_hw_init+0x34/0x80 [ 536.360903][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 536.360930][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 536.360951][ C0] request_firmware_work_func+0x1a4/0x280 [ 536.360983][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 536.361017][ C0] ? process_scheduled_works+0x945/0x1830 [ 536.361041][ C0] process_scheduled_works+0xa2c/0x1830 [ 536.361096][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 536.361131][ C0] ? assign_work+0x364/0x3d0 [ 536.361161][ C0] worker_thread+0x86d/0xd10 [ 536.361202][ C0] ? __kthread_parkme+0x169/0x1d0 [ 536.361232][ C0] ? __pfx_worker_thread+0x10/0x10 [ 536.361257][ C0] kthread+0x2f0/0x390 [ 536.361284][ C0] ? __pfx_worker_thread+0x10/0x10 [ 536.361308][ C0] ? __pfx_kthread+0x10/0x10 [ 536.361337][ C0] ret_from_fork+0x4b/0x80 [ 536.361361][ C0] ? __pfx_kthread+0x10/0x10 [ 536.361389][ C0] ret_from_fork_asm+0x1a/0x30 [ 536.361438][ C0] [ 536.896887][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 537.631248][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 10789 jiffies s: 21377 root: 0x1/. [ 537.631301][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 537.631323][ T19] Sending NMI from CPU 1 to CPUs 0: [ 537.631351][ C0] NMI backtrace for cpu 0 [ 537.631363][ C0] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 537.631382][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 537.631393][ C0] Workqueue: events request_firmware_work_func [ 537.631418][ C0] RIP: 0010:unwind_next_frame+0x19cd/0x2a00 [ 537.631443][ C0] Code: 00 00 48 8b 2c 24 48 8d 5d 36 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 43 0f 00 00 0f b6 1b 31 ff 89 de e8 43 4e 52 00 <85> db 0f 84 2d 03 00 00 e8 36 4b 52 00 e9 4e 03 00 00 4c 89 fb 48 [ 537.631456][ C0] RSP: 0018:ffffc90000006f08 EFLAGS: 00000006 [ 537.631469][ C0] RAX: 0000000000010100 RBX: 0000000000000001 RCX: ffffc900000d6b18 [ 537.631480][ C0] RDX: ffff88801cabda00 RSI: 0000000000000001 RDI: 0000000000000000 [ 537.631491][ C0] RBP: ffffc90000006fe0 R08: ffffffff8141411d R09: ffffffff814140bf [ 537.631502][ C0] R10: 0000000000000003 R11: ffff88801cabda00 R12: 1ffff92000000dfe [ 537.631514][ C0] R13: dffffc0000000000 R14: ffffc900000d6b18 R15: 1ffff92000000dfc [ 537.631525][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 537.631538][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 537.631549][ C0] CR2: 0000001b2ec17ff8 CR3: 000000000e534000 CR4: 00000000003506f0 [ 537.631568][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 537.631577][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 537.631587][ C0] Call Trace: [ 537.631593][ C0] [ 537.631601][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 537.631622][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 537.631645][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 537.631664][ C0] ? nmi_handle+0x2a/0x5a0 [ 537.631688][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 537.631707][ C0] ? nmi_handle+0x14f/0x5a0 [ 537.631721][ C0] ? nmi_handle+0x2a/0x5a0 [ 537.631737][ C0] ? unwind_next_frame+0x19cd/0x2a00 [ 537.631758][ C0] ? unwind_next_frame+0x674/0x2a00 [ 537.631779][ C0] ? default_do_nmi+0x63/0x160 [ 537.631800][ C0] ? exc_nmi+0x123/0x1f0 [ 537.631819][ C0] ? end_repeat_nmi+0xf/0x53 [ 537.631841][ C0] ? unwind_next_frame+0x196f/0x2a00 [ 537.631862][ C0] ? unwind_next_frame+0x19cd/0x2a00 [ 537.631886][ C0] ? unwind_next_frame+0x19cd/0x2a00 [ 537.631909][ C0] ? unwind_next_frame+0x19cd/0x2a00 [ 537.631932][ C0] ? unwind_next_frame+0x19cd/0x2a00 [ 537.631955][ C0] [ 537.631960][ C0] [ 537.631971][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.631991][ C0] ? __kernel_text_address+0xd/0x40 [ 537.632007][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.632026][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 537.632046][ C0] arch_stack_walk+0x151/0x1b0 [ 537.632065][ C0] ? __sanitizer_cov_trace_pc+0x18/0x70 [ 537.632089][ C0] stack_trace_save+0x118/0x1d0 [ 537.632108][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 537.632130][ C0] ? debug_check_no_obj_freed+0x561/0x580 [ 537.632146][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 537.632164][ C0] ? __pfx_lock_release+0x10/0x10 [ 537.632186][ C0] kasan_save_track+0x3f/0x80 [ 537.632202][ C0] ? kasan_save_track+0x3f/0x80 [ 537.632217][ C0] ? kasan_save_free_info+0x40/0x50 [ 537.632238][ C0] ? poison_slab_object+0xe0/0x150 [ 537.632254][ C0] ? __kasan_slab_free+0x37/0x60 [ 537.632270][ C0] ? kfree+0x149/0x360 [ 537.632287][ C0] ? dummy_timer+0x7ce/0x45a0 [ 537.632305][ C0] ? __hrtimer_run_queues+0x59b/0xd50 [ 537.632320][ C0] ? hrtimer_interrupt+0x396/0x990 [ 537.632335][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 537.632358][ C0] ? sysvec_apic_timer_interrupt+0x52/0xc0 [ 537.632380][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.632399][ C0] ? pie_calculate_probability+0x487/0x820 [ 537.632421][ C0] ? fq_pie_timer+0x26d/0x590 [ 537.632442][ C0] ? call_timer_fn+0x18e/0x650 [ 537.632463][ C0] ? __run_timer_base+0x66a/0x8e0 [ 537.632483][ C0] ? run_timer_softirq+0xb7/0x170 [ 537.632503][ C0] ? handle_softirqs+0x2c4/0x970 [ 537.632521][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 537.632539][ C0] ? irq_exit_rcu+0x9/0x30 [ 537.632561][ C0] ? sysvec_apic_timer_interrupt+0xa6/0xc0 [ 537.632583][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.632622][ C0] ? dummy_timer+0x7ce/0x45a0 [ 537.632638][ C0] kasan_save_free_info+0x40/0x50 [ 537.632660][ C0] poison_slab_object+0xe0/0x150 [ 537.632678][ C0] __kasan_slab_free+0x37/0x60 [ 537.632694][ C0] ? dummy_timer+0x7ce/0x45a0 [ 537.632710][ C0] kfree+0x149/0x360 [ 537.632731][ C0] dummy_timer+0x7ce/0x45a0 [ 537.632753][ C0] ? __pfx_lock_release+0x10/0x10 [ 537.632783][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 537.632807][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 537.632824][ C0] ? __pfx_lock_release+0x10/0x10 [ 537.632848][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 537.632871][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 537.632892][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 537.632910][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 537.632926][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 537.632956][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 537.632979][ C0] hrtimer_interrupt+0x396/0x990 [ 537.633007][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 537.633032][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 537.633055][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.633075][ C0] RIP: 0010:pie_calculate_probability+0x487/0x820 [ 537.633097][ C0] Code: 89 de e8 9c d8 dd f7 4c 09 eb 0f 95 c0 40 08 e8 3c 01 75 07 e8 aa d3 dd f7 eb 48 e8 a3 d3 dd f7 48 8b 44 24 28 42 80 3c 30 00 <48> 8b 5c 24 30 74 08 48 89 df e8 ca f5 41 f8 48 8b 1b 48 89 d8 48 [ 537.633109][ C0] RSP: 0018:ffffc90000007aa0 EFLAGS: 00000246 [ 537.633121][ C0] RAX: 1ffff9200442d8b8 RBX: 0000000000000000 RCX: ffff88801cabda00 [ 537.633132][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 537.633142][ C0] RBP: 0000000000000000 R08: ffffffff89b5b8a4 R09: fffff52000000f58 [ 537.633153][ C0] R10: dffffc0000000000 R11: fffff52000000f58 R12: ffffc9002216c5a8 [ 537.633164][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000 [ 537.633178][ C0] ? pie_calculate_probability+0x464/0x820 [ 537.633211][ C0] fq_pie_timer+0x26d/0x590 [ 537.633232][ C0] ? fq_pie_timer+0x4d/0x590 [ 537.633259][ C0] call_timer_fn+0x18e/0x650 [ 537.633281][ C0] ? call_timer_fn+0xc0/0x650 [ 537.633302][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 537.633323][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 537.633348][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 537.633370][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 537.633391][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 537.633412][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 537.633432][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 537.633447][ C0] ? __pfx_fq_pie_timer+0x10/0x10 [ 537.633469][ C0] __run_timer_base+0x66a/0x8e0 [ 537.633496][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 537.633525][ C0] run_timer_softirq+0xb7/0x170 [ 537.633547][ C0] handle_softirqs+0x2c4/0x970 [ 537.633573][ C0] ? __irq_exit_rcu+0xf4/0x1c0 [ 537.633595][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 537.633616][ C0] ? irqtime_account_irq+0xd4/0x1e0 [ 537.633647][ C0] __irq_exit_rcu+0xf4/0x1c0 [ 537.633670][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 537.633694][ C0] irq_exit_rcu+0x9/0x30 [ 537.633711][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 537.633734][ C0] [ 537.633739][ C0] [ 537.633745][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 537.633764][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70 [ 537.633785][ C0] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d6 03 00 65 8b 15 50 4a 70 7e <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 [ 537.633797][ C0] RSP: 0018:ffffc900000d6bc8 EFLAGS: 00000297 [ 537.633809][ C0] RAX: ffffffff8baa6324 RBX: 0000000000000004 RCX: ffff88801cabda00 [ 537.633820][ C0] RDX: 0000000000000001 RSI: 0000000000000037 RDI: 0000000000000000 [ 537.633829][ C0] RBP: 0000000000000037 R08: ffffffff8baa6310 R09: ffffffff8baa2964 [ 537.633840][ C0] R10: 0000000000000012 R11: ffff88801cabda00 R12: ffffc900000d6e60 [ 537.633851][ C0] R13: ffffc900000d6f73 R14: ffffc900000d6f6f R15: fffffffffffffffe [ 537.633867][ C0] ? vsnprintf+0x184/0x1da0 [ 537.633885][ C0] ? string+0x1c0/0x2b0 [ 537.633901][ C0] ? string+0x1d4/0x2b0 [ 537.633923][ C0] string+0x1d4/0x2b0 [ 537.633943][ C0] vsnprintf+0x1101/0x1da0 [ 537.633967][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 537.633991][ C0] sprintf+0xda/0x120 [ 537.634011][ C0] ? vsnprintf+0x1cc3/0x1da0 [ 537.634030][ C0] ? __pfx_sprintf+0x10/0x10 [ 537.634050][ C0] ? serial8250_console_write+0xdc6/0x1770 [ 537.634072][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 537.634093][ C0] info_print_prefix+0x204/0x310 [ 537.634114][ C0] ? __pfx_info_print_prefix+0x10/0x10 [ 537.634139][ C0] printk_get_next_message+0x6da/0xbe0 [ 537.634161][ C0] ? __pfx_printk_get_next_message+0x10/0x10 [ 537.634191][ C0] ? __pfx_lock_release+0x10/0x10 [ 537.634210][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 537.634236][ C0] ? console_flush_all+0x3a8/0xfd0 [ 537.634255][ C0] console_flush_all+0x410/0xfd0 [ 537.634275][ C0] ? console_flush_all+0x152/0xfd0 [ 537.634297][ C0] ? __pfx_console_flush_all+0x10/0x10 [ 537.634317][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 537.634339][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 537.634363][ C0] console_unlock+0x13b/0x4d0 [ 537.634382][ C0] ? __pfx_console_unlock+0x10/0x10 [ 537.634396][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 537.634420][ C0] ? dev_vprintk_emit+0x2ae/0x330 [ 537.634442][ C0] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 537.634467][ C0] vprintk_emit+0x5dc/0x7c0 [ 537.634483][ C0] ? __pfx_vprintk_emit+0x10/0x10 [ 537.634499][ C0] ? __pfx_snprintf+0x10/0x10 [ 537.634521][ C0] ? read_word_at_a_time+0xe/0x20 [ 537.634536][ C0] ? sized_strscpy+0x8d/0x220 [ 537.634554][ C0] dev_vprintk_emit+0x2ae/0x330 [ 537.634583][ C0] ? __pfx_dev_vprintk_emit+0x10/0x10 [ 537.634615][ C0] dev_printk_emit+0xdd/0x120 [ 537.634639][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 537.634658][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 537.634681][ C0] ? __pfx_dev_printk_emit+0x10/0x10 [ 537.634705][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 537.634720][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 537.634741][ C0] ? __dev_printk+0x137/0x1a0 [ 537.634760][ C0] _dev_err+0x122/0x170 [ 537.634775][ C0] ? ath9k_htc_wait_for_target+0xc2/0x160 [ 537.634792][ C0] ? __pfx__dev_err+0x10/0x10 [ 537.634805][ C0] ? __pfx_wait_for_completion_timeout+0x10/0x10 [ 537.634824][ C0] ? ieee80211_roc_setup+0x119/0x1d0 [ 537.634840][ C0] ? ieee80211_alloc_hw_nm+0x1835/0x1ea0 [ 537.634865][ C0] ath9k_htc_wait_for_target+0x132/0x160 [ 537.634882][ C0] ath9k_htc_probe_device+0x1a5/0x2240 [ 537.634904][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 537.634919][ C0] ? __pfx_ath9k_htc_probe_device+0x10/0x10 [ 537.634933][ C0] ? usb_submit_urb+0x10e4/0x1930 [ 537.634955][ C0] ? usb_free_urb+0x9f/0x120 [ 537.634971][ C0] ? ath9k_hif_usb_alloc_urbs+0x1003/0x10f0 [ 537.634991][ C0] ath9k_htc_hw_init+0x34/0x80 [ 537.635008][ C0] ath9k_hif_usb_firmware_cb+0x255/0x4b0 [ 537.635028][ C0] ? __pfx_ath9k_hif_usb_firmware_cb+0x10/0x10 [ 537.635045][ C0] request_firmware_work_func+0x1a4/0x280 [ 537.635067][ C0] ? __pfx_request_firmware_work_func+0x10/0x10 [ 537.635091][ C0] ? process_scheduled_works+0x945/0x1830 [ 537.635111][ C0] process_scheduled_works+0xa2c/0x1830 [ 537.635145][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 537.635170][ C0] ? assign_work+0x364/0x3d0 [ 537.635192][ C0] worker_thread+0x86d/0xd10 [ 537.635220][ C0] ? __kthread_parkme+0x169/0x1d0 [ 537.635243][ C0] ? __pfx_worker_thread+0x10/0x10 [ 537.635263][ C0] kthread+0x2f0/0x390 [ 537.635284][ C0] ? __pfx_worker_thread+0x10/0x10 [ 537.635304][ C0] ? __pfx_kthread+0x10/0x10 [ 537.635326][ C0] ret_from_fork+0x4b/0x80 [ 537.635346][ C0] ? __pfx_kthread+0x10/0x10 [ 537.635369][ C0] ret_from_fork_asm+0x1a/0x30 [ 537.635398][ C0] [ 537.936361][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 538.976363][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 540.016351][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 541.056361][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 542.096418][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 543.136419][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 544.176350][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 544.818807][T16249] Bluetooth: hci6: command 0x0406 tx timeout [ 545.216406][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 546.256435][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 547.296441][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 548.336393][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 549.376342][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 550.416408][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 551.456309][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 552.496311][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 553.536318][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 554.576313][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 555.616312][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 556.656288][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 557.696278][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 558.399936][T16260] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 558.404634][T16260] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 558.405706][T16260] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 558.416872][T16260] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 558.418422][T16260] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 558.418803][T16260] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 558.488061][T16260] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 558.493988][T16260] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 558.495919][T16260] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 558.504636][T16260] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 558.517143][T16260] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 558.517555][T16260] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 558.736358][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 559.404700][T16262] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 559.409853][T16262] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 559.416927][T16262] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 559.418900][T16262] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 559.419691][T16262] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3 [ 559.420068][T16262] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 559.776294][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 560.193402][T16262] Bluetooth: hci3: command 0x0406 tx timeout [ 560.193459][T16262] Bluetooth: hci4: command 0x0406 tx timeout [ 560.816302][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 561.856330][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 562.217220][T16267] Bluetooth: hci20: unexpected cc 0x0c03 length: 249 > 1 [ 562.221217][T16267] Bluetooth: hci20: unexpected cc 0x1003 length: 249 > 9 [ 562.222278][T16267] Bluetooth: hci20: unexpected cc 0x1001 length: 249 > 9 [ 562.224042][T16267] Bluetooth: hci20: unexpected cc 0x0c23 length: 249 > 4 [ 562.224738][T16267] Bluetooth: hci20: unexpected cc 0x0c25 length: 249 > 3 [ 562.225800][T16267] Bluetooth: hci20: unexpected cc 0x0c38 length: 249 > 2 [ 562.896250][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 563.253412][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.936255][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 564.976308][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 565.306695][T16269] Bluetooth: hci9: command 0x0406 tx timeout [ 565.306751][T16269] Bluetooth: hci10: command 0x0406 tx timeout [ 566.016322][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 567.056348][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 568.096307][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 569.136379][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 570.176315][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 571.216293][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 572.256294][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 573.296289][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 574.336371][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 575.376443][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 576.416397][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 577.456374][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 578.496391][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 579.536400][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 580.576413][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 581.616449][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 582.656362][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 583.701407][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 584.736306][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 585.776436][ C1] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 586.256984][ T30] INFO: task pool_workqueue_:3 blocked for more than 143 seconds. [ 586.257031][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.257044][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.257054][ T30] task:pool_workqueue_ state:D stack:26136 pid:3 tgid:3 ppid:2 flags:0x00004000 [ 586.257095][ T30] Call Trace: [ 586.257104][ T30] [ 586.257119][ T30] __schedule+0x17ae/0x4a10 [ 586.257174][ T30] ? __pfx___schedule+0x10/0x10 [ 586.257204][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.257231][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.257264][ T30] ? schedule+0x90/0x320 [ 586.257289][ T30] schedule+0x14b/0x320 [ 586.257318][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.257343][ T30] __mutex_lock+0x6a4/0xd70 [ 586.257367][ T30] ? __mutex_lock+0x527/0xd70 [ 586.257389][ T30] ? synchronize_rcu_expedited+0x451/0x830 [ 586.257426][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.257454][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 586.257485][ T30] synchronize_rcu_expedited+0x451/0x830 [ 586.257515][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 586.257562][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.257585][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.257613][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.257650][ T30] synchronize_rcu+0x11b/0x360 [ 586.257675][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 586.257705][ T30] ? __phys_addr+0x105/0x170 [ 586.257732][ T30] lockdep_unregister_key+0x4b7/0x540 [ 586.257762][ T30] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 586.257788][ T30] ? __pfx_kvfree_call_rcu+0x10/0x10 [ 586.257815][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.257843][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.257870][ T30] pwq_release_workfn+0x6e9/0x860 [ 586.257905][ T30] kthread_worker_fn+0x500/0xaf0 [ 586.257935][ T30] ? kthread_worker_fn+0xdc/0xaf0 [ 586.257963][ T30] ? __pfx_pwq_release_workfn+0x10/0x10 [ 586.257989][ T30] ? __pfx_kthread_worker_fn+0x10/0x10 [ 586.258013][ T30] kthread+0x2f0/0x390 [ 586.258038][ T30] ? __pfx_kthread_worker_fn+0x10/0x10 [ 586.258061][ T30] ? __pfx_kthread+0x10/0x10 [ 586.258087][ T30] ret_from_fork+0x4b/0x80 [ 586.258111][ T30] ? __pfx_kthread+0x10/0x10 [ 586.258137][ T30] ret_from_fork_asm+0x1a/0x30 [ 586.258179][ T30] [ 586.258232][ T30] INFO: task kworker/u8:7:1302 blocked for more than 143 seconds. [ 586.258247][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.258259][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.258268][ T30] task:kworker/u8:7 state:D stack:20536 pid:1302 tgid:1302 ppid:2 flags:0x00004000 [ 586.258305][ T30] Workqueue: netns cleanup_net [ 586.258328][ T30] Call Trace: [ 586.258336][ T30] [ 586.258349][ T30] __schedule+0x17ae/0x4a10 [ 586.258399][ T30] ? __pfx___schedule+0x10/0x10 [ 586.258436][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.258462][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.258484][ T30] ? kthread_data+0x52/0xd0 [ 586.258508][ T30] ? schedule+0x90/0x320 [ 586.258537][ T30] ? wq_worker_sleeping+0x66/0x240 [ 586.258566][ T30] ? schedule+0x90/0x320 [ 586.258590][ T30] schedule+0x14b/0x320 [ 586.258619][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.258645][ T30] __mutex_lock+0x6a4/0xd70 [ 586.258668][ T30] ? __mutex_lock+0x527/0xd70 [ 586.258691][ T30] ? wg_netns_pre_exit+0x1f/0x1e0 [ 586.258714][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.258740][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 586.258765][ T30] ? cleanup_net+0x427/0xcc0 [ 586.258786][ T30] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 586.258813][ T30] wg_netns_pre_exit+0x1f/0x1e0 [ 586.258840][ T30] cleanup_net+0x615/0xcc0 [ 586.258869][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 586.258904][ T30] ? process_scheduled_works+0x945/0x1830 [ 586.258927][ T30] process_scheduled_works+0xa2c/0x1830 [ 586.258981][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 586.259016][ T30] ? assign_work+0x364/0x3d0 [ 586.259046][ T30] worker_thread+0x86d/0xd10 [ 586.259080][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.259112][ T30] ? __kthread_parkme+0x169/0x1d0 [ 586.259141][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.259166][ T30] kthread+0x2f0/0x390 [ 586.259233][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.259258][ T30] ? __pfx_kthread+0x10/0x10 [ 586.259285][ T30] ret_from_fork+0x4b/0x80 [ 586.259309][ T30] ? __pfx_kthread+0x10/0x10 [ 586.259336][ T30] ret_from_fork_asm+0x1a/0x30 [ 586.259378][ T30] [ 586.259437][ T30] INFO: task syz-executor:5223 blocked for more than 143 seconds. [ 586.259453][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.259465][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.259475][ T30] task:syz-executor state:D stack:20656 pid:5223 tgid:5223 ppid:1 flags:0x00000004 [ 586.259510][ T30] Call Trace: [ 586.259518][ T30] [ 586.259531][ T30] __schedule+0x17ae/0x4a10 [ 586.259581][ T30] ? __pfx___schedule+0x10/0x10 [ 586.259611][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.259634][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.259675][ T30] ? schedule+0x90/0x320 [ 586.259700][ T30] schedule+0x14b/0x320 [ 586.259728][ T30] synchronize_rcu_expedited+0x70a/0x830 [ 586.259760][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 586.259788][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 586.259821][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.259860][ T30] ? __pfx_up_write+0x10/0x10 [ 586.259881][ T30] ? shrink_dentry_list+0x59c/0x5b0 [ 586.259913][ T30] namespace_unlock+0x29f/0x4d0 [ 586.259938][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.259966][ T30] ? __pfx_namespace_unlock+0x10/0x10 [ 586.260006][ T30] path_umount+0xeca/0xf70 [ 586.260038][ T30] ? __x64_sys_umount+0x123/0x170 [ 586.260066][ T30] ? __pfx_path_umount+0x10/0x10 [ 586.260101][ T30] __x64_sys_umount+0x123/0x170 [ 586.260126][ T30] ? __pfx___x64_sys_umount+0x10/0x10 [ 586.260153][ T30] ? do_syscall_64+0x100/0x230 [ 586.260178][ T30] ? do_syscall_64+0xb6/0x230 [ 586.260202][ T30] do_syscall_64+0xf3/0x230 [ 586.260224][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.260250][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.260273][ T30] RIP: 0033:0x7fbb4f77e227 [ 586.260306][ T30] RSP: 002b:00007ffe1173a078 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 586.260328][ T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbb4f77e227 [ 586.260344][ T30] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe1173a130 [ 586.260358][ T30] RBP: 00007ffe1173a130 R08: 0000000000000000 R09: 0000000000000000 [ 586.260372][ T30] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe1173b1b0 [ 586.260387][ T30] R13: 00007fbb4f7eeebc R14: 0000000000068fa5 R15: 00007ffe1173b1f0 [ 586.260425][ T30] [ 586.260449][ T30] INFO: task syz.4.766:7022 blocked for more than 143 seconds. [ 586.260464][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.260476][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.260486][ T30] task:syz.4.766 state:D stack:19632 pid:7022 tgid:7021 ppid:5226 flags:0x00004002 [ 586.260520][ T30] Call Trace: [ 586.260527][ T30] [ 586.260541][ T30] __schedule+0x17ae/0x4a10 [ 586.260590][ T30] ? __pfx___schedule+0x10/0x10 [ 586.260616][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.260641][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.260672][ T30] ? schedule+0x90/0x320 [ 586.261997][ T30] schedule+0x14b/0x320 [ 586.262037][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.262064][ T30] __mutex_lock+0x6a4/0xd70 [ 586.262090][ T30] ? __mutex_lock+0x527/0xd70 [ 586.262113][ T30] ? tun_chr_close+0x3e/0x1b0 [ 586.262137][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.262169][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.262201][ T30] tun_chr_close+0x3e/0x1b0 [ 586.262221][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 586.262242][ T30] __fput+0x24a/0x8a0 [ 586.262281][ T30] task_work_run+0x24f/0x310 [ 586.262309][ T30] ? __pfx_task_work_run+0x10/0x10 [ 586.262333][ T30] ? do_exit+0xa2a/0x27f0 [ 586.262351][ T30] ? kmem_cache_free+0x145/0x350 [ 586.262381][ T30] do_exit+0xa2f/0x27f0 [ 586.262410][ T30] ? __pfx_do_exit+0x10/0x10 [ 586.262437][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 586.262465][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.262493][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.262517][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 586.262548][ T30] do_group_exit+0x207/0x2c0 [ 586.262567][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.262592][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 586.262615][ T30] get_signal+0x16a1/0x1740 [ 586.262654][ T30] ? __pfx_get_signal+0x10/0x10 [ 586.262687][ T30] arch_do_signal_or_restart+0x96/0x860 [ 586.262716][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 586.262739][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.262777][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 586.262802][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 586.262826][ T30] do_syscall_64+0x100/0x230 [ 586.262848][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.262875][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.262897][ T30] RIP: 0033:0x7f1b0d57cef9 [ 586.262916][ T30] RSP: 002b:00007f1b0e346038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 586.262940][ T30] RAX: 0000000000000014 RBX: 00007f1b0d735f80 RCX: 00007f1b0d57cef9 [ 586.262956][ T30] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 586.262970][ T30] RBP: 00007f1b0d5ef01e R08: 0000000000000000 R09: 0000000000000000 [ 586.262984][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.262998][ T30] R13: 0000000000000000 R14: 00007f1b0d735f80 R15: 00007ffe3b2ca098 [ 586.263030][ T30] [ 586.263051][ T30] INFO: task syz.2.3197:12545 blocked for more than 143 seconds. [ 586.263067][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.263079][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.263089][ T30] task:syz.2.3197 state:D stack:21120 pid:12545 tgid:12544 ppid:5229 flags:0x00004002 [ 586.263125][ T30] Call Trace: [ 586.263133][ T30] [ 586.263146][ T30] __schedule+0x17ae/0x4a10 [ 586.263197][ T30] ? __pfx___schedule+0x10/0x10 [ 586.263227][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.263253][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.263285][ T30] ? schedule+0x90/0x320 [ 586.263310][ T30] schedule+0x14b/0x320 [ 586.263339][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.263364][ T30] __mutex_lock+0x6a4/0xd70 [ 586.263389][ T30] ? __mutex_lock+0x527/0xd70 [ 586.263418][ T30] ? tun_chr_close+0x3e/0x1b0 [ 586.263441][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.263473][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.263504][ T30] tun_chr_close+0x3e/0x1b0 [ 586.263523][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 586.263544][ T30] __fput+0x24a/0x8a0 [ 586.263580][ T30] task_work_run+0x24f/0x310 [ 586.263607][ T30] ? __pfx_task_work_run+0x10/0x10 [ 586.263631][ T30] ? do_exit+0xa2a/0x27f0 [ 586.263648][ T30] ? kmem_cache_free+0x145/0x350 [ 586.263676][ T30] do_exit+0xa2f/0x27f0 [ 586.263705][ T30] ? __pfx_do_exit+0x10/0x10 [ 586.263724][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 586.263752][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.263779][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.263803][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 586.263833][ T30] do_group_exit+0x207/0x2c0 [ 586.263851][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.263876][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 586.263899][ T30] get_signal+0x16a1/0x1740 [ 586.263938][ T30] ? __pfx_get_signal+0x10/0x10 [ 586.263972][ T30] arch_do_signal_or_restart+0x96/0x860 [ 586.264000][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 586.264020][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.264060][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 586.264084][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 586.264109][ T30] do_syscall_64+0x100/0x230 [ 586.264131][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.264157][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.264179][ T30] RIP: 0033:0x7f07f617cef9 [ 586.264195][ T30] RSP: 002b:00007f07f7060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 586.264217][ T30] RAX: 0000000000000014 RBX: 00007f07f6335f80 RCX: 00007f07f617cef9 [ 586.264233][ T30] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 586.264247][ T30] RBP: 00007f07f61ef01e R08: 0000000000000000 R09: 0000000000000000 [ 586.264261][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.264274][ T30] R13: 0000000000000000 R14: 00007f07f6335f80 R15: 00007ffc5c9df228 [ 586.264305][ T30] [ 586.264318][ T30] INFO: task kworker/u8:2:15340 blocked for more than 143 seconds. [ 586.264332][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.264343][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.264353][ T30] task:kworker/u8:2 state:D stack:22648 pid:15340 tgid:15340 ppid:2 flags:0x00004000 [ 586.264403][ T30] Workqueue: ipv6_addrconf addrconf_dad_work [ 586.264435][ T30] Call Trace: [ 586.264444][ T30] [ 586.264457][ T30] __schedule+0x17ae/0x4a10 [ 586.264506][ T30] ? __pfx___schedule+0x10/0x10 [ 586.264537][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.264563][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.264586][ T30] ? kthread_data+0x52/0xd0 [ 586.264610][ T30] ? schedule+0x90/0x320 [ 586.264634][ T30] ? wq_worker_sleeping+0x66/0x240 [ 586.264663][ T30] ? schedule+0x90/0x320 [ 586.264687][ T30] schedule+0x14b/0x320 [ 586.264716][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.264742][ T30] __mutex_lock+0x6a4/0xd70 [ 586.264761][ T30] ? mark_lock+0x9a/0x350 [ 586.264790][ T30] ? __mutex_lock+0x527/0xd70 [ 586.264813][ T30] ? addrconf_dad_work+0xd0/0x16f0 [ 586.264840][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.264879][ T30] addrconf_dad_work+0xd0/0x16f0 [ 586.264915][ T30] ? __pfx_addrconf_dad_work+0x10/0x10 [ 586.264942][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.264981][ T30] ? process_scheduled_works+0x945/0x1830 [ 586.265004][ T30] process_scheduled_works+0xa2c/0x1830 [ 586.265058][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 586.265093][ T30] ? assign_work+0x364/0x3d0 [ 586.265123][ T30] worker_thread+0x86d/0xd10 [ 586.265157][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.265188][ T30] ? __kthread_parkme+0x169/0x1d0 [ 586.265218][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.265242][ T30] kthread+0x2f0/0x390 [ 586.265268][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.265292][ T30] ? __pfx_kthread+0x10/0x10 [ 586.265320][ T30] ret_from_fork+0x4b/0x80 [ 586.265344][ T30] ? __pfx_kthread+0x10/0x10 [ 586.265371][ T30] ret_from_fork_asm+0x1a/0x30 [ 586.265418][ T30] [ 586.265427][ T30] INFO: task syz-executor:15908 blocked for more than 143 seconds. [ 586.265441][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.265453][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.265462][ T30] task:syz-executor state:D stack:20992 pid:15908 tgid:15908 ppid:1 flags:0x00004004 [ 586.265498][ T30] Call Trace: [ 586.265506][ T30] [ 586.265519][ T30] __schedule+0x17ae/0x4a10 [ 586.265569][ T30] ? __pfx___schedule+0x10/0x10 [ 586.265600][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.265626][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.265659][ T30] ? schedule+0x90/0x320 [ 586.265684][ T30] schedule+0x14b/0x320 [ 586.265713][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.265739][ T30] __mutex_lock+0x6a4/0xd70 [ 586.265764][ T30] ? __mutex_lock+0x527/0xd70 [ 586.265787][ T30] ? ieee80211_register_hw+0x2c4e/0x3e10 [ 586.265815][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.265854][ T30] ieee80211_register_hw+0x2c4e/0x3e10 [ 586.265895][ T30] ? ieee80211_register_hw+0x1521/0x3e10 [ 586.265926][ T30] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 586.265963][ T30] ? __asan_memset+0x23/0x50 [ 586.265982][ T30] ? __hrtimer_init+0x170/0x250 [ 586.266007][ T30] mac80211_hwsim_new_radio+0x2a9f/0x4a90 [ 586.276424][ T30] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 586.276479][ T30] hwsim_new_radio_nl+0xece/0x2290 [ 586.276521][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 586.276551][ T30] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 586.276613][ T30] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 586.276648][ T30] genl_rcv_msg+0xb14/0xec0 [ 586.276670][ T30] ? mark_lock+0x9a/0x350 [ 586.276706][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 586.276758][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 586.276783][ T30] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 586.276810][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.276845][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.276868][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 586.276895][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.276930][ T30] ? __netlink_deliver_tap+0x77e/0x7c0 [ 586.276968][ T30] genl_rcv+0x28/0x40 [ 586.276990][ T30] netlink_unicast+0x7f6/0x990 [ 586.277027][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.277052][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.277075][ T30] ? __check_object_size+0x49c/0x900 [ 586.277095][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.277122][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.277158][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.277188][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.277211][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.277236][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.277256][ T30] __sock_sendmsg+0x221/0x270 [ 586.277279][ T30] __sys_sendto+0x3a4/0x4f0 [ 586.277309][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 586.277359][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.277387][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.277426][ T30] __x64_sys_sendto+0xde/0x100 [ 586.277454][ T30] do_syscall_64+0xf3/0x230 [ 586.277476][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.277504][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.277527][ T30] RIP: 0033:0x7fe26b57ed8c [ 586.277546][ T30] RSP: 002b:00007fff7d660310 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 586.277571][ T30] RAX: ffffffffffffffda RBX: 00007fe26c264620 RCX: 00007fe26b57ed8c [ 586.277587][ T30] RDX: 0000000000000024 RSI: 00007fe26c264670 RDI: 0000000000000003 [ 586.277601][ T30] RBP: 0000000000000000 R08: 00007fff7d660364 R09: 000000000000000c [ 586.277616][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 586.277630][ T30] R13: 0000000000000000 R14: 00007fe26c264670 R15: 0000000000000000 [ 586.277661][ T30] [ 586.277675][ T30] INFO: task syz.3.4792:16198 blocked for more than 143 seconds. [ 586.277691][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.277703][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.277713][ T30] task:syz.3.4792 state:D stack:27056 pid:16198 tgid:16190 ppid:9584 flags:0x00000004 [ 586.277750][ T30] Call Trace: [ 586.277758][ T30] [ 586.277772][ T30] __schedule+0x17ae/0x4a10 [ 586.277824][ T30] ? __pfx___schedule+0x10/0x10 [ 586.277855][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.277881][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.277913][ T30] ? schedule+0x90/0x320 [ 586.277939][ T30] schedule+0x14b/0x320 [ 586.277968][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.277994][ T30] __mutex_lock+0x6a4/0xd70 [ 586.278019][ T30] ? __mutex_lock+0x527/0xd70 [ 586.278042][ T30] ? nl80211_pre_doit+0x5f/0x8b0 [ 586.278070][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.278095][ T30] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 586.278124][ T30] ? __nla_parse+0x40/0x60 [ 586.278152][ T30] nl80211_pre_doit+0x5f/0x8b0 [ 586.278186][ T30] genl_rcv_msg+0xaaa/0xec0 [ 586.278209][ T30] ? mark_lock+0x9a/0x350 [ 586.278243][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 586.278294][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 586.278318][ T30] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 586.278342][ T30] ? __pfx_nl80211_connect+0x10/0x10 [ 586.278367][ T30] ? __pfx_nl80211_post_doit+0x10/0x10 [ 586.278393][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.278434][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.278457][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 586.278483][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.278522][ T30] ? __netlink_deliver_tap+0x77e/0x7c0 [ 586.278559][ T30] genl_rcv+0x28/0x40 [ 586.278581][ T30] netlink_unicast+0x7f6/0x990 [ 586.278618][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.278643][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.278665][ T30] ? __check_object_size+0x49c/0x900 [ 586.278686][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.278713][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.278748][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.278772][ T30] ? __import_iovec+0x536/0x820 [ 586.278799][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.278822][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.278846][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.278866][ T30] __sock_sendmsg+0x221/0x270 [ 586.278890][ T30] ____sys_sendmsg+0x525/0x7d0 [ 586.278924][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 586.278967][ T30] __sys_sendmsg+0x2b0/0x3a0 [ 586.278995][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 586.279054][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.279090][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.279116][ T30] ? exc_page_fault+0x590/0x8c0 [ 586.279140][ T30] ? do_syscall_64+0xb6/0x230 [ 586.279164][ T30] do_syscall_64+0xf3/0x230 [ 586.279186][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.279212][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.279234][ T30] RIP: 0033:0x7f3b7fd7cef9 [ 586.279251][ T30] RSP: 002b:00007f3b80b9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 586.279272][ T30] RAX: ffffffffffffffda RBX: 00007f3b7ff36058 RCX: 00007f3b7fd7cef9 [ 586.279288][ T30] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 586.279302][ T30] RBP: 00007f3b7fdef01e R08: 0000000000000000 R09: 0000000000000000 [ 586.279316][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.279329][ T30] R13: 0000000000000001 R14: 00007f3b7ff36058 R15: 00007fffb4b99eb8 [ 586.279361][ T30] [ 586.279371][ T30] INFO: task syz.2.4793:16194 blocked for more than 143 seconds. [ 586.279386][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.279398][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.279408][ T30] task:syz.2.4793 state:D stack:25104 pid:16194 tgid:16193 ppid:15025 flags:0x00004006 [ 586.279448][ T30] Call Trace: [ 586.279456][ T30] [ 586.279469][ T30] __schedule+0x17ae/0x4a10 [ 586.279519][ T30] ? __pfx___schedule+0x10/0x10 [ 586.279550][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.279572][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.279611][ T30] ? schedule+0x90/0x320 [ 586.279636][ T30] schedule+0x14b/0x320 [ 586.279663][ T30] synchronize_rcu_expedited+0x70a/0x830 [ 586.279694][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 586.279721][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 586.279764][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.279806][ T30] synchronize_rcu+0x11b/0x360 [ 586.279833][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 586.279858][ T30] ? lockdep_unlock+0x16a/0x300 [ 586.279881][ T30] ? __pfx_lockdep_unlock+0x10/0x10 [ 586.279902][ T30] ? preempt_count_add+0x93/0x190 [ 586.279926][ T30] ? __is_module_percpu_address+0x3a1/0x420 [ 586.279957][ T30] lockdep_unregister_key+0x4b7/0x540 [ 586.279987][ T30] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 586.280028][ T30] qdisc_create+0xf38/0x11a0 [ 586.280066][ T30] ? __pfx_qdisc_create+0x10/0x10 [ 586.280102][ T30] tc_modify_qdisc+0xa26/0x1e40 [ 586.280146][ T30] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 586.280196][ T30] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 586.280224][ T30] rtnetlink_rcv_msg+0x73f/0xcf0 [ 586.280244][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 586.280269][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.280297][ T30] ? ref_tracker_free+0x643/0x7e0 [ 586.280326][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.280348][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.280371][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.280422][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 586.280447][ T30] netlink_unicast+0x7f6/0x990 [ 586.280484][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.280508][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.280531][ T30] ? __check_object_size+0x49c/0x900 [ 586.280552][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.280578][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.280613][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.280637][ T30] ? __import_iovec+0x536/0x820 [ 586.280663][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.280686][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.280711][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.280730][ T30] __sock_sendmsg+0x221/0x270 [ 586.280754][ T30] ____sys_sendmsg+0x525/0x7d0 [ 586.280789][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 586.280832][ T30] __sys_sendmsg+0x2b0/0x3a0 [ 586.280859][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 586.280931][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.280959][ T30] ? do_syscall_64+0x100/0x230 [ 586.280983][ T30] ? do_syscall_64+0xb6/0x230 [ 586.281007][ T30] do_syscall_64+0xf3/0x230 [ 586.281029][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.281055][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.281077][ T30] RIP: 0033:0x7f199ab7cef9 [ 586.281094][ T30] RSP: 002b:00007f199b8a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 586.281116][ T30] RAX: ffffffffffffffda RBX: 00007f199ad35f80 RCX: 00007f199ab7cef9 [ 586.281132][ T30] RDX: 0000000000000000 RSI: 00000000200012c0 RDI: 0000000000000003 [ 586.281146][ T30] RBP: 00007f199abef01e R08: 0000000000000000 R09: 0000000000000000 [ 586.281160][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.281174][ T30] R13: 0000000000000000 R14: 00007f199ad35f80 R15: 00007ffc7213dfe8 [ 586.281206][ T30] [ 586.281216][ T30] INFO: task syz.4.4797:16202 blocked for more than 143 seconds. [ 586.281230][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.281242][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.281251][ T30] task:syz.4.4797 state:D stack:23472 pid:16202 tgid:16201 ppid:10901 flags:0x00004004 [ 586.281285][ T30] Call Trace: [ 586.281293][ T30] [ 586.281306][ T30] __schedule+0x17ae/0x4a10 [ 586.281357][ T30] ? __pfx___schedule+0x10/0x10 [ 586.281386][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.281409][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.281457][ T30] ? schedule+0x90/0x320 [ 586.281482][ T30] schedule+0x14b/0x320 [ 586.281511][ T30] synchronize_rcu_expedited+0x684/0x830 [ 586.281542][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 586.281586][ T30] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 586.281613][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.281634][ T30] ? trace_contention_end+0x3c/0x120 [ 586.281654][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 586.281693][ T30] synchronize_rcu+0x11b/0x360 [ 586.281720][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 586.281746][ T30] ? __pfx___static_call_update+0x10/0x10 [ 586.281783][ T30] bpf_dispatcher_change_prog+0xd83/0xf10 [ 586.281811][ T30] ? __pfx_bpf_dispatcher_change_prog+0x10/0x10 [ 586.281831][ T30] ? 0xffffffffa0001698 [ 586.281872][ T30] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 586.281912][ T30] ? _copy_from_user+0xa6/0xe0 [ 586.281936][ T30] ? bpf_test_init+0x15a/0x180 [ 586.281955][ T30] ? xdp_convert_md_to_buff+0x5b/0x330 [ 586.281979][ T30] bpf_prog_test_run_xdp+0x9ae/0x11b0 [ 586.282008][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.282043][ T30] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 586.282064][ T30] ? __fget_files+0x29/0x470 [ 586.282099][ T30] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 586.282122][ T30] bpf_prog_test_run+0x33a/0x3b0 [ 586.282151][ T30] __sys_bpf+0x48d/0x810 [ 586.282177][ T30] ? __pfx___sys_bpf+0x10/0x10 [ 586.282214][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.282242][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.282270][ T30] ? do_syscall_64+0x100/0x230 [ 586.282296][ T30] __x64_sys_bpf+0x7c/0x90 [ 586.282320][ T30] do_syscall_64+0xf3/0x230 [ 586.282341][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.282366][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.282388][ T30] RIP: 0033:0x7f1e9ed7cef9 [ 586.282404][ T30] RSP: 002b:00007f1e9fbed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 586.282431][ T30] RAX: ffffffffffffffda RBX: 00007f1e9ef35f80 RCX: 00007f1e9ed7cef9 [ 586.282447][ T30] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 586.282461][ T30] RBP: 00007f1e9edef01e R08: 0000000000000000 R09: 0000000000000000 [ 586.282475][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.282489][ T30] R13: 0000000000000000 R14: 00007f1e9ef35f80 R15: 00007ffc059a8368 [ 586.282522][ T30] [ 586.282530][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.282542][ T30] INFO: task kworker/1:8:16205 blocked for more than 143 seconds. [ 586.282556][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.282568][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.282577][ T30] task:kworker/1:8 state:D stack:28624 pid:16205 tgid:16205 ppid:2 flags:0x00004000 [ 586.282614][ T30] Workqueue: events free_ipc [ 586.282640][ T30] Call Trace: [ 586.282648][ T30] [ 586.282661][ T30] __schedule+0x17ae/0x4a10 [ 586.282712][ T30] ? __pfx___schedule+0x10/0x10 [ 586.282739][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.282764][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.282801][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 586.282825][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 586.282846][ T30] ? schedule+0x90/0x320 [ 586.282871][ T30] schedule+0x14b/0x320 [ 586.282900][ T30] synchronize_rcu_expedited+0x70a/0x830 [ 586.282931][ T30] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 586.282960][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 586.283002][ T30] ? __pfx___might_resched+0x10/0x10 [ 586.283044][ T30] synchronize_rcu+0x11b/0x360 [ 586.283071][ T30] ? __pfx_synchronize_rcu+0x10/0x10 [ 586.283095][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.283124][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.283159][ T30] free_ipc+0xb7/0x290 [ 586.283185][ T30] ? process_scheduled_works+0x945/0x1830 [ 586.283209][ T30] process_scheduled_works+0xa2c/0x1830 [ 586.283264][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 586.283298][ T30] ? assign_work+0x364/0x3d0 [ 586.283328][ T30] worker_thread+0x86d/0xd10 [ 586.283362][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 586.283393][ T30] ? __kthread_parkme+0x169/0x1d0 [ 586.283427][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.283451][ T30] kthread+0x2f0/0x390 [ 586.283475][ T30] ? __pfx_worker_thread+0x10/0x10 [ 586.283497][ T30] ? __pfx_kthread+0x10/0x10 [ 586.283523][ T30] ret_from_fork+0x4b/0x80 [ 586.283546][ T30] ? __pfx_kthread+0x10/0x10 [ 586.283573][ T30] ret_from_fork_asm+0x1a/0x30 [ 586.283615][ T30] [ 586.283624][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.283634][ T30] INFO: task syz-executor:16213 blocked for more than 143 seconds. [ 586.283648][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.283661][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.283670][ T30] task:syz-executor state:D stack:24992 pid:16213 tgid:16213 ppid:1 flags:0x00000004 [ 586.283705][ T30] Call Trace: [ 586.283713][ T30] [ 586.283726][ T30] __schedule+0x17ae/0x4a10 [ 586.283776][ T30] ? __pfx___schedule+0x10/0x10 [ 586.283806][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.283832][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.283864][ T30] ? schedule+0x90/0x320 [ 586.283889][ T30] schedule+0x14b/0x320 [ 586.283917][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.283943][ T30] __mutex_lock+0x6a4/0xd70 [ 586.283968][ T30] ? __mutex_lock+0x527/0xd70 [ 586.283990][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.284012][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.284051][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.284069][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 586.284090][ T30] ? __lock_acquire+0x137a/0x2040 [ 586.284116][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.284153][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.284176][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.284199][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.284245][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 586.284269][ T30] netlink_unicast+0x7f6/0x990 [ 586.284306][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.284331][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.284354][ T30] ? __check_object_size+0x49c/0x900 [ 586.284375][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.284425][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.284460][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.284490][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.284513][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.284536][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.284555][ T30] __sock_sendmsg+0x221/0x270 [ 586.284579][ T30] __sys_sendto+0x3a4/0x4f0 [ 586.284609][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 586.284660][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.284688][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.284714][ T30] ? exc_page_fault+0x590/0x8c0 [ 586.284736][ T30] __x64_sys_sendto+0xde/0x100 [ 586.284764][ T30] do_syscall_64+0xf3/0x230 [ 586.284785][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.284812][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.284834][ T30] RIP: 0033:0x7f8bc117ed8c [ 586.284851][ T30] RSP: 002b:00007ffedd631180 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 586.284873][ T30] RAX: ffffffffffffffda RBX: 00007f8bc1e64620 RCX: 00007f8bc117ed8c [ 586.284888][ T30] RDX: 0000000000000028 RSI: 00007f8bc1e64670 RDI: 0000000000000003 [ 586.284903][ T30] RBP: 0000000000000000 R08: 00007ffedd6311d4 R09: 000000000000000c [ 586.284917][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 586.284930][ T30] R13: 0000000000000000 R14: 00007f8bc1e64670 R15: 0000000000000000 [ 586.284962][ T30] [ 586.284971][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.284981][ T30] INFO: task syz-executor:16215 blocked for more than 143 seconds. [ 586.284995][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.285007][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.285016][ T30] task:syz-executor state:D stack:24992 pid:16215 tgid:16215 ppid:1 flags:0x00000004 [ 586.285050][ T30] Call Trace: [ 586.285059][ T30] [ 586.285072][ T30] __schedule+0x17ae/0x4a10 [ 586.285122][ T30] ? __pfx___schedule+0x10/0x10 [ 586.285152][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.285178][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.285211][ T30] ? schedule+0x90/0x320 [ 586.285236][ T30] schedule+0x14b/0x320 [ 586.285265][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.285290][ T30] __mutex_lock+0x6a4/0xd70 [ 586.285315][ T30] ? __mutex_lock+0x527/0xd70 [ 586.285338][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.285360][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.285399][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.285424][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 586.285446][ T30] ? __lock_acquire+0x137a/0x2040 [ 586.285473][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.285511][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.285534][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.285556][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.285602][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 586.285627][ T30] netlink_unicast+0x7f6/0x990 [ 586.285663][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.285687][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.285710][ T30] ? __check_object_size+0x49c/0x900 [ 586.285731][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.285757][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.285792][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.285821][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.285844][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.285868][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.285887][ T30] __sock_sendmsg+0x221/0x270 [ 586.285911][ T30] __sys_sendto+0x3a4/0x4f0 [ 586.285940][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 586.285991][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.286020][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.286046][ T30] ? exc_page_fault+0x590/0x8c0 [ 586.306355][ T30] __x64_sys_sendto+0xde/0x100 [ 586.306400][ T30] do_syscall_64+0xf3/0x230 [ 586.306430][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.306458][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.306481][ T30] RIP: 0033:0x7f6b0a37ed8c [ 586.306500][ T30] RSP: 002b:00007fffb3472ef0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 586.306526][ T30] RAX: ffffffffffffffda RBX: 00007f6b0b064620 RCX: 00007f6b0a37ed8c [ 586.306542][ T30] RDX: 0000000000000028 RSI: 00007f6b0b064670 RDI: 0000000000000003 [ 586.306556][ T30] RBP: 0000000000000000 R08: 00007fffb3472f44 R09: 000000000000000c [ 586.306571][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 586.306584][ T30] R13: 0000000000000000 R14: 00007f6b0b064670 R15: 0000000000000000 [ 586.306615][ T30] [ 586.306623][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.306635][ T30] INFO: task syz-executor:16217 blocked for more than 143 seconds. [ 586.306651][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.306662][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.306672][ T30] task:syz-executor state:D stack:24992 pid:16217 tgid:16217 ppid:1 flags:0x00000004 [ 586.306710][ T30] Call Trace: [ 586.306718][ T30] [ 586.306732][ T30] __schedule+0x17ae/0x4a10 [ 586.306784][ T30] ? __pfx___schedule+0x10/0x10 [ 586.306814][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.306841][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.306873][ T30] ? schedule+0x90/0x320 [ 586.306898][ T30] schedule+0x14b/0x320 [ 586.306927][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.306954][ T30] __mutex_lock+0x6a4/0xd70 [ 586.306979][ T30] ? __mutex_lock+0x527/0xd70 [ 586.307002][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.307025][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.307064][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.307083][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 586.307104][ T30] ? __lock_acquire+0x137a/0x2040 [ 586.307131][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.307169][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.307193][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.307215][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.307261][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 586.307286][ T30] netlink_unicast+0x7f6/0x990 [ 586.307322][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.307347][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.307369][ T30] ? __check_object_size+0x49c/0x900 [ 586.307392][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.307433][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.307469][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.307499][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.307522][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.307547][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.307567][ T30] __sock_sendmsg+0x221/0x270 [ 586.307591][ T30] __sys_sendto+0x3a4/0x4f0 [ 586.307619][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 586.307669][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.307698][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.307724][ T30] ? exc_page_fault+0x590/0x8c0 [ 586.307747][ T30] __x64_sys_sendto+0xde/0x100 [ 586.307776][ T30] do_syscall_64+0xf3/0x230 [ 586.307798][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.307825][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.307848][ T30] RIP: 0033:0x7f2fe577ed8c [ 586.307866][ T30] RSP: 002b:00007ffef7195c50 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 586.307887][ T30] RAX: ffffffffffffffda RBX: 00007f2fe6464620 RCX: 00007f2fe577ed8c [ 586.307904][ T30] RDX: 0000000000000028 RSI: 00007f2fe6464670 RDI: 0000000000000003 [ 586.307919][ T30] RBP: 0000000000000000 R08: 00007ffef7195ca4 R09: 000000000000000c [ 586.307934][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 586.307948][ T30] R13: 0000000000000000 R14: 00007f2fe6464670 R15: 0000000000000000 [ 586.307981][ T30] [ 586.307990][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.308001][ T30] INFO: task syz-executor:16220 blocked for more than 143 seconds. [ 586.308016][ T30] Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 586.308029][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 586.308039][ T30] task:syz-executor state:D stack:24992 pid:16220 tgid:16220 ppid:1 flags:0x00000004 [ 586.308076][ T30] Call Trace: [ 586.308084][ T30] [ 586.308098][ T30] __schedule+0x17ae/0x4a10 [ 586.308150][ T30] ? __pfx___schedule+0x10/0x10 [ 586.308180][ T30] ? __pfx_lock_release+0x10/0x10 [ 586.308207][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 586.308240][ T30] ? schedule+0x90/0x320 [ 586.308266][ T30] schedule+0x14b/0x320 [ 586.308296][ T30] schedule_preempt_disabled+0x13/0x30 [ 586.308322][ T30] __mutex_lock+0x6a4/0xd70 [ 586.308347][ T30] ? __mutex_lock+0x527/0xd70 [ 586.308371][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.308393][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 586.308439][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.308458][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 586.308480][ T30] ? __lock_acquire+0x137a/0x2040 [ 586.308507][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.308550][ T30] netlink_rcv_skb+0x1e3/0x430 [ 586.308573][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 586.308596][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 586.308642][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 586.308667][ T30] netlink_unicast+0x7f6/0x990 [ 586.308704][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 586.308730][ T30] ? __virt_addr_valid+0x183/0x530 [ 586.308753][ T30] ? __check_object_size+0x49c/0x900 [ 586.308775][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 586.308802][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 586.308837][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.308868][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 586.308891][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 586.308915][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 586.308935][ T30] __sock_sendmsg+0x221/0x270 [ 586.308960][ T30] __sys_sendto+0x3a4/0x4f0 [ 586.308990][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 586.309042][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 586.309071][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 586.309098][ T30] ? exc_page_fault+0x590/0x8c0 [ 586.309121][ T30] __x64_sys_sendto+0xde/0x100 [ 586.309149][ T30] do_syscall_64+0xf3/0x230 [ 586.309171][ T30] ? clear_bhb_loop+0x35/0x90 [ 586.309233][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.309256][ T30] RIP: 0033:0x7f47c617ed8c [ 586.309273][ T30] RSP: 002b:00007ffe0a866f00 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 586.309296][ T30] RAX: ffffffffffffffda RBX: 00007f47c6e64620 RCX: 00007f47c617ed8c [ 586.309312][ T30] RDX: 0000000000000028 RSI: 00007f47c6e64670 RDI: 0000000000000003 [ 586.309327][ T30] RBP: 0000000000000000 R08: 00007ffe0a866f54 R09: 000000000000000c [ 586.309342][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 586.309357][ T30] R13: 0000000000000000 R14: 00007f47c6e64670 R15: 0000000000000000 [ 586.309389][ T30] [ 586.309398][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 586.309436][ T30] [ 586.309436][ T30] Showing all locks held in the system: [ 586.309447][ T30] 1 lock held by pool_workqueue_/3: [ 586.309461][ T30] #0: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 586.309527][ T30] 7 locks held by kworker/0:0/8: [ 586.309541][ T30] 2 locks held by kworker/u8:0/11: [ 586.309557][ T30] 1 lock held by khungtaskd/30: [ 586.309570][ T30] #0: ffffffff8e738320 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 586.309634][ T30] 5 locks held by kworker/0:2/58: [ 586.309658][ T30] 4 locks held by kworker/u8:7/1302: [ 586.309671][ T30] #0: ffff88801b6e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.309730][ T30] #1: ffffc90004747d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.309787][ T30] #2: ffffffff8fa6cc90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 586.309842][ T30] #3: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 [ 586.309912][ T30] 5 locks held by kworker/u9:1/4614: [ 586.309926][ T30] #0: ffff88802598e148 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.309983][ T30] #1: ffffc9000d85fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.310040][ T30] #2: ffff8880323acd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 586.310094][ T30] #3: ffff8880323ac078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 586.310151][ T30] #4: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 586.310207][ T30] 2 locks held by getty/4975: [ 586.310220][ T30] #0: ffff88802ff8f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 586.310279][ T30] #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ac/0x1e00 [ 586.310335][ T30] 4 locks held by kworker/u9:3/5227: [ 586.310349][ T30] #0: ffff8880628ef148 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.310418][ T30] #1: ffffc90003d97d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.310476][ T30] #2: ffff888011860078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.310533][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.310591][ T30] 5 locks held by kworker/u9:9/5237: [ 586.310603][ T30] #0: ffff88805e86c148 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.310666][ T30] #1: ffffc90003ee7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.310724][ T30] #2: ffff888032700d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 586.310776][ T30] #3: ffff888032700078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 586.310834][ T30] #4: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 586.310890][ T30] 3 locks held by kworker/1:3/5304: [ 586.310903][ T30] #0: ffff88801a880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.310961][ T30] #1: ffffc90004177d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.311018][ T30] #2: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 586.311076][ T30] 1 lock held by syz.4.766/7022: [ 586.311089][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 586.311145][ T30] 1 lock held by syz.1.1707/9114: [ 586.311161][ T30] 1 lock held by syz.2.3197/12545: [ 586.311174][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 586.311230][ T30] 3 locks held by kworker/u8:2/15340: [ 586.311243][ T30] #0: ffff88802fe38148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.311302][ T30] #1: ffffc900097c7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.311360][ T30] #2: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 586.311424][ T30] 3 locks held by syz-executor/15908: [ 586.311438][ T30] #0: ffffffff8fadefb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 586.311494][ T30] #1: ffffffff8fadee68 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 586.311551][ T30] #2: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_register_hw+0x2c4e/0x3e10 [ 586.311613][ T30] 2 locks held by syz.3.4792/16198: [ 586.311626][ T30] #0: ffffffff8fadefb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 586.311681][ T30] #1: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 586.311742][ T30] 1 lock held by syz.2.4793/16194: [ 586.311755][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.311808][ T30] 2 locks held by syz.4.4797/16202: [ 586.311821][ T30] #0: ffffffff8fa7c888 (bpf_dispatcher_xdp.mutex){+.+.}-{3:3}, at: bpf_dispatcher_change_prog+0xa0/0xf10 [ 586.311874][ T30] #1: ffffffff8e73d6f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 586.311935][ T30] 2 locks held by kworker/1:8/16205: [ 586.311947][ T30] #0: ffff88801a880948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.312004][ T30] #1: ffffc90009b07d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.312061][ T30] 1 lock held by syz-executor/16213: [ 586.312074][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312127][ T30] 1 lock held by syz-executor/16215: [ 586.312140][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312192][ T30] 1 lock held by syz-executor/16217: [ 586.312206][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312258][ T30] 1 lock held by syz-executor/16220: [ 586.312271][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312323][ T30] 1 lock held by syz-executor/16223: [ 586.312337][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312389][ T30] 1 lock held by dhcpcd/16225: [ 586.312401][ T30] #0: ffff88806f100258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 586.312468][ T30] 1 lock held by dhcpcd/16226: [ 586.312481][ T30] #0: ffff8880511fa258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 586.312540][ T30] 1 lock held by dhcpcd/16227: [ 586.312553][ T30] #0: ffff88802f782258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 586.312613][ T30] 1 lock held by dhcpcd/16228: [ 586.312624][ T30] #0: ffff88806a664258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 586.312683][ T30] 1 lock held by syz-executor/16231: [ 586.312696][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.312749][ T30] 4 locks held by kworker/u9:0/16234: [ 586.312762][ T30] #0: ffff88802fd86148 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.312825][ T30] #1: ffffc90005927d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.312883][ T30] #2: ffff888050920078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.312940][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.312997][ T30] 1 lock held by syz-executor/16235: [ 586.313010][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.313062][ T30] 4 locks held by kworker/u9:2/16237: [ 586.313075][ T30] #0: ffff88807b492148 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.313138][ T30] #1: ffffc90004de7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.313195][ T30] #2: ffff88806a13c078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.313252][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.313309][ T30] 1 lock held by syz-executor/16238: [ 586.313323][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.313375][ T30] 4 locks held by kworker/u9:4/16239: [ 586.313388][ T30] #0: ffff888046240948 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.313457][ T30] #1: ffffc90004affd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.313514][ T30] #2: ffff888029b84078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.313572][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.313630][ T30] 1 lock held by syz-executor/16242: [ 586.313642][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.313694][ T30] 4 locks held by kworker/u9:5/16243: [ 586.313706][ T30] #0: ffff88802ea75148 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.313768][ T30] #1: ffffc90004897d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.313821][ T30] #2: ffff888066560078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.313878][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.313936][ T30] 1 lock held by syz-executor/16246: [ 586.313949][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.314002][ T30] 5 locks held by kworker/u9:6/16247: [ 586.314015][ T30] #0: ffff888031dee148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.314072][ T30] #1: ffffc90004617d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.314129][ T30] #2: ffff888062b7cd80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 586.314182][ T30] #3: ffff888062b7c078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 586.314239][ T30] #4: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 586.314292][ T30] 5 locks held by kworker/u9:7/16249: [ 586.314305][ T30] #0: ffff88801db47948 ((wq_completion)hci4#3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.314367][ T30] #1: ffffc90004347d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.314430][ T30] #2: ffff88804bd24d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 586.314484][ T30] #3: ffff88804bd24078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 586.314541][ T30] #4: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 586.314594][ T30] 5 locks held by kworker/u9:8/16252: [ 586.314608][ T30] #0: ffff88807c697148 ((wq_completion)hci10){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.314664][ T30] #1: ffffc90000be7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.314721][ T30] #2: ffff88804baa4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 586.314774][ T30] #3: ffff88804baa4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 586.314832][ T30] #4: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 586.314885][ T30] 4 locks held by kworker/u9:10/16253: [ 586.314898][ T30] #0: ffff888033606948 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 586.314961][ T30] #1: ffffc9000422fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 586.315018][ T30] #2: ffff88807c760078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 586.315075][ T30] #3: ffffffff8fbe5328 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 586.315133][ T30] 1 lock held by syz-executor/16254: [ 586.315146][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.315198][ T30] 1 lock held by syz-executor/16255: [ 586.315211][ T30] #0: ffffffff8fa79848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 586.315264][ T30] 4 locks held by kworker/u9:11/16258: